As a consultant I perform a lot of VMware Horizon View implementations and I find several of the implementation tasks repetitive.
One of those tasks is the creation of a role within vCenter to give the service account used by View Administrator to connect to vCenter server a role with only the required permissions.
While some people use the Administrator role this is wrong and the correct permissions VMware state in the View documentation should be used.
There are two sets of permissions, there are the default required permissions for View to create full clones and power off/on desktops etc, and there are additional permissions required if View Composer is being used to create linked clones.
I created the PowerCLI script below which can be used to create a role for "Horizon View (inc Composer)" and add the required permissions documented by VMware to save myself time.
Connect-VIServer -Server <yourvcenter.vmadmin.co.uk>
New-VIRole -Name "Horizon View (inc Composer)"
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Anonymous")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "View")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Read")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Act as vCenter Server")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Disable methods")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Enable methods")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "System tag")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Create folder")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Delete folder")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Browse datastore")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Low level file operations")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Allocate space")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Move network")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Remove")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Configure")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Assign network")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Advanced settings")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Create new")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Create from existing")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Register")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Remove")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Unregister")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Move")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Power On")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Power Off")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Suspend")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Reset")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Perform wipe or shrink operations")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Rename")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Set annotation")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Add existing disk")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Add new disk")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Remove disk")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Raw device")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Host USB device")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Change CPU count")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Memory")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Add or remove device")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Modify device settings")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Settings")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Change resource")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Upgrade virtual machine compatibility")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Reset guest information")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Advanced")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Disk lease")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Swapfile placement")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Extend virtual disk")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Disk change tracking")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Unlock virtual machine")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Query unowned files")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Reload from path")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Query Fault Tolerance compatibility")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Display connection settings")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Configure managedBy")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Create snapshot")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Revert to snapshot")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Remove Snapshot")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Rename Snapshot")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Customize")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Clone virtual machine")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Deploy template")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Read customization specifications")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Allow disk access")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Assign virtual machine to resource pool")
Set-VIRole -Role "Horizon View (inc Composer)" -AddPrivilege (Get-VIPrivilege -Name "Migrate powered off virtual machine")
Share this blog post on social media:
Tweet
Latest Blog Posts
- vSphere 7 U1 - Part 3 - Creating a Datacenter, HA/DRS Cluster and Adding a Host
- vSphere 7 U1 - Part 2 - Deploying vCenter 7.0 U1 VCSA
- vSphere 7 U1 - Part 1 - Installing ESXi 7.0 U1
- Veeam CBT Data is Invalid - Reset CBT Without Powering Off VM
- View Administrator Blank Error Dialog/Window After Upgrade