Skip to main content
Version: latest

Required Permissions

The VMware vSphere user account that deploys host clusters require access to the following vSphere objects and permissions listed in the following table. Review the vSphere objects and privileges required to ensure each role is assigned the required privileges.

Spectro Root Role Privileges

The spectro root role privileges are only applied to root objects and data center objects. Select the tab for the vSphere version you are using to view the required privileges for the spectro root role.

vSphere ObjectPrivilege
DatastoreBrowse datastore
Storage partition configuration
vSphere TaggingCreate and edit vSphere tags
NetworkAssign network
SessionsValidate session
VM Storage PoliciesView VM storage policies
Storage viewsView

If the network is a Distributed Port Group under a vSphere Distributed Switch (VDS), ReadOnly access to the VDS without “Propagate to children” is required.

Spectro Role Privileges

As listed in the table, apply spectro role privileges to vSphere objects you intend to use for Palette installation. A separate table lists Spectro role privileges for VMs by category.

Open Virtual Appliance (OVA) files are downloaded to the folder you selected. These images are cloned from the folder and applied VMs that deployed during deployments.

Select the tab for the vSphere version you are using to view the required privileges for the spectro role.

vSphere ObjectPrivileges
DatastoreAllocate space
Browse datastore
Low-level file operations
Remove file
Update VM files
Update VM metadata
FolderCreate Folder
Delete folder
Move folder
Rename folder
HostLocal operations: Reconfigure VM
NetworkAssign network
ResourceApply recommendation
Assign VM to resource pool
Migrate powered off VM
Migrate powered on VM
Query vMotion
SessionsValidate sessions
Storage policiesView access for VM storage policies is required.
Ensure StorageProfile.View is available.
spectro-templatesRead only. This is the vSphere folder created during the install. For airgap installs, you must manually create this folder.
Storage viewsView
TasksCreate task
Update task
View OVF environment
Configure vAPP application
Configure vApp instance
vSphere taggingAssign or Unassign vSphere Tag
Create vSphere Tag
Delete vSphere Tag
Edit vSphere Tag

The following table lists spectro role privileges for VMs by category. All privileges are for the vSphere object, Virtual Machines.

Change ConfigurationAcquire disk lease
Add existing disk
Add new disk
Add or remove device
Advanced configuration
Change CPU count
Change memory
Change settings
Change swapfile placement
Change resource
Change host USB device
Configure raw device
Configure managedBy
Display connection settings
Extend virtual disk
Modify device settings
Query fault tolerance compatibity
Query unowned files
Reload from path
Remove disk
Reset guest information
Set annotation
Toggle disk change tracking
Toggle fork parent
Upgrade VM compatibility
Edit InventoryCreate from existing
Create new
Guest OperationsAlias modification
Alias query
Modify guest operations
Invoke programs
InteractionConsole Interaction
Power on/off
ProvisioningAllow disk access
Allow file access
Allow read-only disk access
Allow VM download
Allow VM files upload
Clone template
Clone VM
Create template from VM
Customize guest
Deploy template
Mark as template
Mark as VM
Modify customization specification
Promote disks
Read customization specifications
Service ConfigurationAllow notifications
Allow polling of global event notifications
Manage service configurations
Modify service configurations
Query service configurations
Read service configurations
Snapshot ManagementCreate snapshot
Remove snapshot
Rename snapshot
Revert to snapshot
Sphere ReplicationConfigure replication
Manage replication
Monitor replication
vSANCluster: ShallowRekey