Minimum Collection User Permissions in vRealize Operations Manager 6.x and later
Article ID: 341635
Updated On:
Products
VCF Operations/Automation (formerly VMware Aria Suite)
Issue/Introduction
A vRealize Operations Manager collection user must be granted permissions from a vCenter role in order to collect from the vCenter.
Environment
VMware Operations Manager 6.x
VMware vRealize Operations Manager 7.x
VMware vRealize Operations 8.x
VMware Aria Operations 8.x
VMware vRealize Operations Manager 7.x
VMware vRealize Operations 8.x
VMware Aria Operations 8.x
Resolution
For a vRealize Operations Manager collection user to collect all metrics and tags for an object, the below permissions are the minimum required for a collection user.
- Log in to the vSphere Web UI as an Administrator.
- Navigate to Administration > Access Control > Roles.
- Select the role given to the collection user specified in vRealize Operations Manager, or create a new role.
- Edit the role, and grant these permissions:
- vCenter 6.0 and Earlier
Global > Health
Profile-Driven Storage > View
Storage views > View
vCenter Inventory Service
Profile-Driven Storage > View
Storage views > View
vCenter Inventory Service
- vCenter 6.5 and Later
Datastore > Browse Datastore
Extension > Register Extension
Extension > Unregister Extension
Extension > Update Extension
Global > Global Tag
Global > Health
Global > Licenses
Global > System Tag
Extension > Register Extension
Extension > Unregister Extension
Extension > Update Extension
Global > Global Tag
Global > Health
Global > Licenses
Global > System Tag
Global > Settings
Performance > Modify Intervals
Profile-Driven Storage > Profile-Driven Storage View
Storage Views > View
Note: To push Telegraf agents from vRealize Operations Manager, the collection user must also have the following permissions:
Virtual Machine > Guest Operations > Guest Operation alias modification
Virtual Machine > Guest Operations > Guest Operation alias query
Virtual Machine > Guest Operations > Guest Operation modifications
Virtual Machine > Guest Operations > Guest Operation program execution
Virtual Machine > Guest Operations > Guest Operation queries
Note: To Provide data to vSphere Predictive DRS, the collection user must also have the following permissions:
External stats provider > Update
External stats provider > Register
External stats provider > Unregister
Performance > Modify Intervals
Profile-Driven Storage > Profile-Driven Storage View
Storage Views > View
Note: To push Telegraf agents from vRealize Operations Manager, the collection user must also have the following permissions:
Virtual Machine > Guest Operations > Guest Operation alias modification
Virtual Machine > Guest Operations > Guest Operation alias query
Virtual Machine > Guest Operations > Guest Operation modifications
Virtual Machine > Guest Operations > Guest Operation program execution
Virtual Machine > Guest Operations > Guest Operation queries
Note: To Provide data to vSphere Predictive DRS, the collection user must also have the following permissions:
External stats provider > Update
External stats provider > Register
External stats provider > Unregister
- Click OK to save the changes.
This role should be granted to the collection user at the Global level, to gather all objects.
Alternatively, the role can be granted to the collection user on a specific object/child basis while other objects are given the No Access role.
Any objects with the No Access role defined for the collection user will not appear in vRealize Operations Manager as a collected object.
Note: You can assign Global permissions by logging into the vSphere web client as [email protected].
Additional Information
Feedback
Yes
No
Powered by
