Unable to connect to vCenter using PowerCLI with root user

Article ID: 424137

Products

VMware vCenter Server

Issue/Introduction

  • When attempting to establish a connection to a VMware vCenter Server Appliance (VCSA) using the Connect-VIServer cmdlet with the root account, the connection fails.
  • Error Message:
    • Connect-VIServer: MM/DD/YYYY HH:MM:SS PM Connect-VIServer     Permission to perform this operation was denied.
      Required privileges: 'Folder-group-d1' : 'System.View'
  • The connection is successful when using the [email protected] account.
  • The connection is successful when using integrated Active Directory (AD) accounts with appropriate permissions.

Environment

  • VMware vCenter Server 7.X
  • VMware vCenter Server 8.X

Cause

  • By design, the root user of the vCenter Server Appliance is a local OS-level account intended for appliance management via SSH or the Appliance Management Interface (VAMI) on port 5480.
  • The root user is not automatically granted permissions within the vSphere Single Sign-On (SSO) inventory or the vCenter Server object hierarchy. Therefore, it lacks the necessary System.View privileges required by the VMware API to initialize a PowerCLI session. For security and architectural reasons, the root account should not be used to manage vSphere inventory objects.

Resolution

To manage vCenter via PowerCLI, use an account that is part of the vSphere SSO domain or a linked Identity Source.

  • Use the SSO Administrator:

or 

  • Use Domain Accounts:
    • Use an Active Directory or LDAP account that has been granted the "Administrator" role (or a specific custom role) within the vCenter Global Permissions.
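The following PowerCLI sketch applies the resolution above. It is an added example, not code from the original article or from VMware: it prompts for an SSO or identity-source credential, refuses the appliance-local root account, and maps the permission error shown above to its cause. The server name `vcsa.example.com` and the account format shown in the prompt are placeholders.

```powershell
# Added example. $Server is a placeholder FQDN; replace it with your vCenter Server.
param(
    [string]$Server = 'vcsa.example.com'
)

Import-Module VMware.VimAutomation.Core -ErrorAction Stop

# Prompt interactively so no password is stored in the script or shell history.
$cred = Get-Credential -Message "SSO or identity-source account for $Server (user@domain)"

# root is a local OS account of the appliance (SSH / VAMI on port 5480).
# It holds no vCenter inventory permissions, so stop before trying to connect.
if ($cred.UserName -eq 'root') {
    throw "The appliance root account cannot open a PowerCLI session. Use an SSO or domain account."
}

$vi = $null
try {
    $vi = Connect-VIServer -Server $Server -Credential $cred -ErrorAction Stop
    Write-Host "Connected to $($vi.Name) as $($vi.User)"

    # Reading the top-level folders confirms the account can view the inventory.
    Get-Folder -Server $vi -NoRecursion | Select-Object Name, Type
}
catch {
    if ($_.Exception.Message -match 'Permission to perform this operation was denied') {
        Write-Warning "Account '$($cred.UserName)' has no role on the vCenter inventory. Grant it a role under Global Permissions, then retry."
    }
    throw
}
finally {
    # Always close the session, including when the inventory check fails.
    if ($vi) { Disconnect-VIServer -Server $vi -Confirm:$false }
}
```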