VirtualCenter Permissions Required for VMTurbo

Updated on June 3, 2013

This article can help you answer the following questions:

- Can I create a non-admin user for VMTurbo to access VirtualCenter with?

- What is the minimum set of permissions for VMTurbo to access VirtualCenter?

- How should I configure user access in VirtualCenter for VMTurbo?

- Can I create a read-only user for VMTurbo?

-What are the permissions required in VirtualCenter for VMTurbo?

 

The minimal access for VMTurbo is that of the 'read-only' role, plus 'Datastore.Browse' (for detection of wasted files).

Note that as this is a read-only role, automated or manual actions cannot be carried out from within the VMTurbo console.

Later in this article, we discuss the entire set of permissions required to allow full control via VMTurbo.

First, to configure this minimal, read-only access:

Create a 'clone' of the 'Read-only' role in the vSphere client user interface (and give this new role a name, such as 'VMTurbo Permissions'),

Right click on this new role, and select 'Edit Role...'

The following dialog box appears:

 

VCEditRoleDialog.png

 

Within this dialog box, select the 'Datastore' Group, and expand it.

You can then choose the 'Datastore Browse' Permission for this role.

A user (for example 'vmturbo' ) within VirtualCenter can now be assigned to this role as usual within VirtualCenter.

The user supplied to VMTurbo in the 'Admin->'Target Configuration' should also be set to the user configured to use this new Role in VirtualCenter (in our example, 'vmturbo').

Additionally, you may wish to add further permissions to the new role you created, to allow particular actions to be taken from within VMTurbo. 

 

Note: Actions are not generated in the Community Edition, so you do not need to configure any other permissions.

 

The following table should help you to identify which permissions are minimally required for each 'activity' type within VMTurbo: 

VMTurbo Activity Type Additional Permissions to 'Read Only' Role
Monitoring None
Recommend Actions None - Only "Read Only' role permissions are required
Wasted Storage Reporting Datastore > Browse Datastore
Execute VM Move (vmotion) Resource > Migrate
Resource > Query Vmotion
Resource > Modify Resource Pool
Resource > Assign VM to Resource Pool
Execute VM Storage Move (svmotion) Datastore > Allocate Space
Datastore > Browse Datastore
Datastore > Configure Datastore
Datastore > Move Datastore
Datastore > Remove File
Datastore Cluster > Configure a Datastore Cluster*
Datastore > Update Virtual Machine Files
Resource > Assign VM to Resource Pool
Resource > Migrate
Resource > Relocate
Resource > Modify Resource Pool
Resource > Move Resource Pool
Resource > Query Vmotion
Virtual Machine > Configuration > Change Resource
Virtual Machine > Configuration > Swap File Placement
*Datastore Cluster permission only applies to vSphere 5.x+
Execute VM Resize Virtual Machine > Configuration > Change CPU Count
Virtual Machine > Configuration > Change Resources
Virtual Machine > Configuration > Memory
Virtual Machine > Interaction > Reset
Virtual Machine > Interaction > Power Off
Virtual Machine > Interaction > Power On

The Permissions Group (and, where applicable, subgroup) are indicated with a ">" character 

For example, permission "Virtual Machine>Interaction>Reset" can be found by expanding the group "Virtual Machine" and the sub-group "Interaction" in the "Edit Role" dialog box shown earlier in this article.

 

 

 Alternatively, you can also of course configure VMTurbo to use an 'administrator' user within VirtualCenter.

 

 

 

Have more questions? Submit a request

Comments