CyberSnap

Menu
Book a Demo
What are you looking for?
< All Topics

Configuring Minimum Permissions for vCenter Server Account.

PostedJanuary 9, 2025
UpdatedJanuary 16, 2025

For regular functionality, CyberSnap requires VMware vCenter access to oversee processes within the VMware environment during scanning and recovery.

The most efficient approach involves creating a dedicated user account with administrative privileges.

In cases where customers need to restrict account privileges, specific and granular permissions must be assigned to dedicated user accounts.

To set up the minimum required privileges for a dedicated vCenter Server user, follow these steps:

  1.  Log in to the vCenter Server by using the vSphere Client.
  2. Select Administration and click Roles in the Access Control area.
  3. Click on the New button, a new popup window will appear.
  4. Provide a new name for the custom role you are creating.
  5. Add a role description.
  6. Choose categories and permissions from the provided list.

Datastore

  •  Allocate space
  •  Browse datastore
  • Configure datastore
  • Low level file operations
  • Move datastore
  • Remove datastore
  • Remove file
  • Rename datastore
  • Update virtual machine files
  • Update virtual machine metadata

Folder

  • Create folder
  • Delete folder
  • Move folder
  • Rename folder

Host

  • Configuration
    • Advanced settings
    • Authentication Store
    • Change settings
    • Connection
    • GuestStore settings
    • Hyperthreading
    • Image configuration
    • Maintenance
    • Memory configuration
    • NVDIMM
    • Network configuration
    • Power
    • ProductLocker settings
    • Quarantine
    • Query patch
    • Security profile and firewall
    • Storage partition configuration
    • System Management
    • System resources
    • Virtual machine autostart configuration
  • Local Operations
    • Create virtual machine
    • Delete virtual machine
    • Reconfigure virtual machine
  • Statistics
    • Query

Network

  • Assign network
  • Configure
  • Move network
  • Remove

Resource

  • Assign virtual machine to resource pool

Virtual Machine

  • Change Configuration
    • Acquire disk lease
    • Add existing disk
    • Add new disk
    • Add or remove device
    • Advanced configuration
    • Change CPU count
    • Change Memory
    • Change Settings
    • Change Swapfile placement
    • Change resource
    • Configure Host USB device
    • Configure Raw device
    • Configure managedBy
    • Display connection settings
    • Extend virtual disk
    • Modify device settings
    • Query Fault Tolerance compatibility
    • Query unowned files
    • Reload from path
    • Remove disk
    • Rename
    • Reset guest information
    • Set annotation
    • Toggle disk change tracking
    • Toggle fork parent
    • Upgrade virtual machine compatibility

  • DataSet Operations
    • Create a DataSet
    • Delete a DataSet
    • Delete an Entry from a DataSet
    • Get an Entry in a DataSet
    • List DataSets
    • List Entries in a DataSet
    • Modify the attibutes of a DataSet
    • Query a DataSet
    • Set an Entry in a DataSet

  • Edit Inventory
    • Create from existing
    • Create new
    • Move
    • Register
    • Remove
    • Unregister

  • Guest operations
    • Guest operation alias modification
    • Guest operation alias query
    • Guest operation modifications
    • Guest operation program execution
    • Guest operation queries

  • Interaction
    • Answer question
    • Backup operation on virtual machine
    • Configure CD media
    • Configure floppy media
    • Connect devices
    • Console interaction
    • Create screenshot
    • Defragment all disks
    • Drag and drop
    • Guest operating system management by VIX API
    • Inject USB HID scan codes
    • Install VMware Tools
    • Pause or Unpause
    • Perform wipe or shrink operations
    • Power off
    • Power on
    • Record session on virtual machine
    • Replay session on virtual machine
    • Reset
    • Resume Fault Tolerance
    • Suspend
    • Suspend Fault Tolerance
    • Suspend to memory
    • Test failover
    • Test restart Secondary VM
    • Turn off Fault Tolerance
    • Turn on Fault Tolerance

  • Provisioning
    • Allow disk access
    • Allow file access
    • Allow read-only disk access
    • Allow virtual machine download
    • Allow virtual machine files upload
    • Clone template
    • Clone virtual machine
    • Create template from virtual machine
    • Customize guest
    • Deploy template
    • Mark as template
    • Mark as virtual machine
    • Modify customization specification
    • Promote disks
    • Read customization specifications

  • Service configuration
    • Allow notifications
    • Allow polling of global event notifications
    • Manage service configurations
    • Modify service configuration
    • Query service configurations
    • Read service configuration

7. To save the permissions assigned to this role, click on the Save button.

In order to assign new roles, a new dedicated user account must be created in VMware vCenter.

To configure dedicate user account follow these steps:

1.     Log in to the vCenter Server by using the vSphere Client.

2.     Select Administration, scroll down to “Single Sign On” section, select “Users and Groups”.

3.     A new window will appear; enter the required information and then click the Add button.

After creating custom roles and dedicated user accounts, it’s essential to establish a relationship between them. To establish relationships, follow these steps:

1.     Log in to the vCenter Server by using the vSphere Client.

2.     Select Administration, select “Access Control” section, select “Global Permissions”.

3.     Click on Add button, new window will popup.

4.     Select user and role you created then click on the OK button.

Now you have configured a dedicated VMware vServer account with the minimum privileges required for CyberSnap to operate effectively.

If you require further assistance, please feel free to submit a support ticket here.

Configuring Minimum Permissions for vCenter Server Account

Download