Updated on June 3, 2013
This article can help you answer the following questions:
- Can I create a non-admin user for VMTurbo to access VirtualCenter with?
- What is the minimum set of permissions for VMTurbo to access VirtualCenter?
- How should I configure user access in VirtualCenter for VMTurbo?
- Can I create a read-only user for VMTurbo?
-What are the permissions required in VirtualCenter for VMTurbo?
The minimal access for VMTurbo is that of the 'read-only' role, plus 'Datastore.Browse' (for detection of wasted files).
Note that as this is a read-only role, automated or manual actions cannot be carried out from within the VMTurbo console.
Later in this article, we discuss the entire set of permissions required to allow full control via VMTurbo.
First, to configure this minimal, read-only access:
Create a 'clone' of the 'Read-only' role in the vSphere client user interface (and give this new role a name, such as 'VMTurbo Permissions'),
Right click on this new role, and select 'Edit Role...'
The following dialog box appears:
Within this dialog box, select the 'Datastore' Group, and expand it.
You can then choose the 'Datastore Browse' Permission for this role.
A user (for example 'vmturbo' ) within VirtualCenter can now be assigned to this role as usual within VirtualCenter.
The user supplied to VMTurbo in the 'Admin->'Target Configuration' should also be set to the user configured to use this new Role in VirtualCenter (in our example, 'vmturbo').
Additionally, you may wish to add further permissions to the new role you created, to allow particular actions to be taken from within VMTurbo.
Note: Actions are not generated in the Community Edition, so you do not need to configure any other permissions.
The following table should help you to identify which permissions are minimally required for each 'activity' type within VMTurbo:
| VMTurbo Activity Type | Additional Permissions to 'Read Only' Role |
| Monitoring | None |
| Recommend Actions | None - Only "Read Only' role permissions are required |
| Wasted Storage Reporting | Datastore > Browse Datastore |
| Execute VM Move (vmotion) | Resource > Migrate Resource > Query Vmotion Resource > Modify Resource Pool Resource > Assign VM to Resource Pool |
| Execute VM Storage Move (svmotion) | Datastore > Allocate Space Datastore > Browse Datastore Datastore > Configure Datastore Datastore > Move Datastore Datastore > Remove File Datastore Cluster > Configure a Datastore Cluster* Datastore > Update Virtual Machine Files Resource > Assign VM to Resource Pool Resource > Migrate Resource > Relocate Resource > Modify Resource Pool Resource > Move Resource Pool Resource > Query Vmotion Virtual Machine > Configuration > Change Resource Virtual Machine > Configuration > Swap File Placement *Datastore Cluster permission only applies to vSphere 5.x+ |
| Execute VM Resize | Virtual Machine > Configuration > Change CPU Count Virtual Machine > Configuration > Change Resources Virtual Machine > Configuration > Memory Virtual Machine > Interaction > Reset Virtual Machine > Interaction > Power Off Virtual Machine > Interaction > Power On |
The Permissions Group (and, where applicable, subgroup) are indicated with a ">" character
For example, permission "Virtual Machine>Interaction>Reset" can be found by expanding the group "Virtual Machine" and the sub-group "Interaction" in the "Edit Role" dialog box shown earlier in this article.
Alternatively, you can also of course configure VMTurbo to use an 'administrator' user within VirtualCenter.
Comments