When attempting to perform host profile activity with minimal permissions user, operation fails with "Permission to perform this operation was denied. You do not hold privileges "HostProfileManager.text HostProfileManager : [Host profile > XXX]""
Article ID: 422448
Updated On:
Products
Issue/Introduction
This Knowledge Base article lists the minimum set of privileges required for a user or user group to successfully create, view, edit, attach, and apply VMware Host Profiles within the vSphere environment.
Users require granular permissions to manage Host Profiles but encounter insufficient privileges errors when attempting operations such as checking compliance or applying a profile to a host.
Environment
VMware vSphere 7.x
VMware vSphere 8.x
Cause
Host Profiles use a specific, dedicated set of privileges under the Host Profile category within the vSphere Permissions model. Without these explicit permissions granted on the relevant vCenter object, the user is unable to perform profile operations.
Resolution
Assign the following permissions to the user/group at the vCenter root level:
|
Privilege Name
|
Description
|
|---|---|
|
Host profile
Clear
|
Allows clearing of profile related information.
|
|
Host profile
Create
|
Allows creation of a host profile.
|
|
Host profile
Delete
|
Allows deletion of a host profile.
|
|
Host profile
Edit
|
Allows editing a host profile.
|
|
Host profile
Export
|
Allows exporting a host profile
|
|
Host profile
View
|
Allows viewing a host profile.
|
Note: You can create a rule with these permissions and assign it to the user/group at the VC root level. (do not check propagate to child if minimal permissions need to be assigned.)
Refer KB for steps on creating/assigning the permissions: Creating and assigning a role with privileges to create and manage virtual machine to a Domain or Local User/Group
Additional Information
Document: Host Profile Privileges
Feedback
