Minimum vCenter user permissions
If you are adding a new vSAN cluster to a vCenter instance, or if you are adding a node to an existing vSAN cluster, the VX Deployer requires that the user account used to authenticate with the vCenter instance has the minimum permission levels.
Add the user to the SystemConfiguration.Administrators single sign-on group. Click .
Create a new role. Click .
At a minimum, the role must have the following permissions:Alarms
Acknowledge alarm
Create alarm
Set alarm status
dvPort group
Create
Modify
Distributed switch
Create
Host operation
Modify
Datacenter
Create datacenter
Datastore
Allocate space
Configure datastore
Extension
Register extension
Unregister extension
Update extension
Global
LogEvent
HealthUpdateProvider
Register
Unregister
Update
Host
Configuration
Maintenance
Network configuration
Storage partition configuration
Inventory
Add host to cluster
Create cluster
Modify cluster
Remove host
vSphere Tagging
Assign or Unassign vSphere Tag
Assign or Unassign vSphere Tag on Object
Create vSphere Tag
Create vSphere Tag Category
Network
Assign network
Configure
Resource
Assign virtual machine to resource pool
Migrate powered on virtual machine
Migrate powered off virtual machine
Sessions.Validate session
vApp
Import
Virtual machine
Change configuration
Add new disk
Advanced configuration
Modify device settings
Edit inventory
Create new
Guest Operations
Guest Operation Program Execution
Guest Operation Queries
Interaction
Power on
vSAN
Cluster
ShallowRekey
Assign the role to the user at the vCenter level. Click .
Click the Propagate to children checkbox.