6.5.1

ManualsBrandsVMware ManualsApplicationsvSphere

231

232

233

234

235

236

237

238

239

240

Table Of Contents

vSphere Security

Table 11‑12. Folder Privileges

Privilege Name Description Required On

Folder.Create folder Allows creation of a new folder. Folders

Folder.Delete folder Allows deletion of a folder.

To have permission to perform this operation, a user or group must

have this privilege assigned in both the object and its parent object.

Folders

Folder.Move folder Allows moving a folder.

Privilege must be present at both the source and destination.

Folders

Folder.Rename folder Allows changing the name of a folder. Folders

Global Privileges

Global privileges control global tasks related to tasks, scripts, and extensions.

You can set this privilege at different levels in the hierarchy. For example, if you set a privilege at the

folder level, you can propagate the privilege to one or more objects within the folder. The object listed in

the Required On column must have the privilege set, either directly or inherited.

Table 11‑13. Global Privileges

Privilege Name Description Required On

Global.Act as vCenter

Server

Allows preparation or initiation of a vMotion send operation or a

vMotion receive operation.

Root vCenter Server

Global.Cancel task Allows cancellation of a running or queued task. Inventory object related

to the task

Global.Capacity planning Allows enabling the use of capacity planning for planning consolidation

of physical machines to virtual machines.

Root vCenter Server

Global.Diagnostics Allows retrieval of a list of diagnostic files, log header, binary files, or

diagnostic bundle.

To avoid potential security breaches, limit this privilege to the vCenter

Server Administrator role.

Root vCenter Server

Global.Disable methods Allows servers for vCenter Server extensions to disable certain

operations on objects managed by vCenter Server.

Root vCenter Server

Global.Enable methods Allows servers for vCenter Server extensions to enable certain

operations on objects managed byvCenter Server.

Root vCenter Server

Global.Global tag Allows adding or removing global tags. Root host or vCenter

Server

Global.Health Allows viewing the health of vCenter Server components. Root vCenter Server

Global.Licenses Allows viewing installed licenses and adding or removing licenses. Root host or vCenter

Server

Global.Log event Allows logging a user-defined event against a particular managed

entity.

Any object

Global.Manage custom

attributes

Allows adding, removing, or renaming custom field definitions. Root vCenter Server

vSphere Security

VMware, Inc. 236