Sunday, April 7, 2013

Configuring vCenter role permissions for VMware vSphere 5.1 and VMware Horizon View 5.2 (View Manager and View Composer)

As some administrators may have noticed, VMware has made quite a few changes to vSphere 5.1 and I was a bit thrown off by the change to the layout of permissions while I configured the role for the VMware View service account because it doesn’t look like the VMware Horizon View 5.2 documentation was written for vSphere 5.1.  After browsing around the permissions available in vCenter 5.1 the change I noticed was that there is no longer the section Virtual Machine –> State as stated in the documentation:


These permissions in vCenter 5.1 have since been moved to Virtual Machine –> Snapshot:


Here is a screenshot of the old vCenter 5.0 Virtual Machine –> State option:


Seeing how I got a bit confused with this, I’m sure my colleagues are going to ask me about this so I thought I’d write this blog post so I can refer them to it.  First off, it’s important to note that there are 2 sets of permissions in the VMware Horizon View 5.2 documentation you need to be aware about that is listed in the following URL:

Configuring User Accounts for vCenter Server and View Composer

The first one is:

View Manager Privileges Required for the vCenter Server User

These permissions are only enough for you to configure View Manager to deploy virtual desktops that do not rely on the View Composer.  If you intend on deploying virtual desktops such as linked clones which requires View Composer then you’ll need to configure the additional permissions listed in the second URL:

View Composer Privileges Required for the vCenter Server User

With this clarified, the following are the permissions required to configure the role in VMware vCenter 5.1 for VMware Horizon View 5.2:


  • Allocate space
  • Browse datastore
  • Low level file operations



  • Create folder
  • Delete folder



  • Disable methods
  • Enable methods
  • System tag



  • Assign network
  • Configure
  • Move network
  • Remove



  • Assign virtual machine to resource pool
  • Migrate powered off virtual machine


Virtual machine –> Configuration

  • All items


Virtual machine –> Interaction

  • Power Off
  • Power On
  • Reset
  • Suspend


Virtual machine –> Provisioning

  • Allow disk access
  • Clone virtual machine
  • Customize
  • Deploy template
  • Read customization specifications


Virtual machine –> Snapshot management

  • Create snapshot
  • Remove Snapshot
  • Rename Snapshot
  • Revert to snapshot


Hope this helps anyone out there looking for updated permission settings for configuring the role for the VMware Horizon View 5.2’s vCenter 5.1 service account.

No comments: