VxRail Management Pack for vROps – Privileges

This is a quick post to explain what the minimum required privileges are when configuring a user for the VxRail vROps Management Pack.

The VxRail Management Pack for vROps requires a user account to connect to the vCenter Server of the VxRail. And like all good service accounts, this user should be of least privilege. Yes, administrator@vsphere.local does work also, but that’s really not why you are here!

As per the VxRail Management Pack for vROps User Guide, the account requires the following user privileges:

  • Property Collection
  • Objects Discovery
  • Events Collection
  • Performance Metrics Collection

The whereabouts of these particular privileges is best explained in the VMware doc, appropriately titled Privileges Required for Configuring a vCenter Adapter Instance

All that this post is doing really is putting both of these pieces of information in the one place via that search that brought you here, and adding some pictures.

In the vCenter Server UI > Administration > Single Sign On > Users and Groups, go create a new user in the vsphere.local domain. In our example, we used vxrail_vrops.

In the vCenter Server UI > Administration > Roles make a clone of the Read-only role and rename it appropriately e.g. VxRail vROps Role

Edit that new Role for the following privileges:

  • Property Collection
  • Objects Discovery
  • Events Collection
  • Performance Metrics Collection

… as called out in the VMware doc, these can be found as follows:

Property Collection requires:

  • System > Anonymous is already configured by default in a custom role.

Objects Discovery requires:

  • Profile-Driven Storage > View

In addition, Events Collection requires:

  • Storage Views > View
  • Datastore > Browse Datastore
  • System > View is enabled by default in Custom role

Performance Metrics requires:

  • Performance > Modify intervals
  • System > View is enabled by default in Custom role

Click Next and Finish for this Role

vCenter Server UI > Administration > Global Permissions add the new permission to the new user, for example we used vxrail_vrops@vsphere.local

IMPORTANT – Ensure that this new user is also added to the Administrators Group (Administrators@vsphere.local) in vCenter.

In the vROps UI, once the VxRail Mgmt Pack has been successfully installed, when configuring the VxRail Adapter, enter the new credentials:

Test the connection, and if successful then Save Settings.

And you are done!

Hope that helps, Steve.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.