As some administrators may have noticed, VMware has made quite a few changes to vSphere 5.1 and I was a bit thrown off by the change to the layout of permissions while I configured the role for the VMware View service account because it doesn’t look like the VMware Horizon View 5.2 documentation was written for vSphere 5.1. After browsing around the permissions available in vCenter 5.1 the change I noticed was that there is no longer the section Virtual Machine –> State as stated in the documentation:
These permissions in vCenter 5.1 have since been moved to Virtual Machine –> Snapshot:
Here is a screenshot of the old vCenter 5.0 Virtual Machine –> State option:
Seeing how I got a bit confused with this, I’m sure my colleagues are going to ask me about this so I thought I’d write this blog post so I can refer them to it. First off, it’s important to note that there are 2 sets of permissions in the VMware Horizon View 5.2 documentation you need to be aware about that is listed in the following URL:
Configuring User Accounts for vCenter Server and View Composer
http://pubs.vmware.com/view-52/index.jsp?topic=%2Fcom.vmware.view.installation.doc%2FGUID-997107E5-F66D-494C-B2BA-A74977C7804C.html
The first one is:
View Manager Privileges Required for the vCenter Server User
http://pubs.vmware.com/view-52/index.jsp?topic=%2Fcom.vmware.view.installation.doc%2FGUID-A878F876-B359-42FC-9124-A1E34BFB3319.html
These permissions are only enough for you to configure View Manager to deploy virtual desktops that do not rely on the View Composer. If you intend on deploying virtual desktops such as linked clones which requires View Composer then you’ll need to configure the additional permissions listed in the second URL:
View Composer Privileges Required for the vCenter Server User
With this clarified, the following are the permissions required to configure the role in VMware vCenter 5.1 for VMware Horizon View 5.2:
Datastore
- Allocate space
- Browse datastore
- Low level file operations
Folder
- Create folder
- Delete folder
Global
- Disable methods
- Enable methods
- System tag
Network
- Assign network
- Configure
- Move network
- Remove
Resource
- Assign virtual machine to resource pool
- Migrate powered off virtual machine
Virtual machine –> Configuration
- All items
Virtual machine –> Interaction
- Power Off
- Power On
- Reset
- Suspend
Virtual machine –> Provisioning
- Allow disk access
- Clone virtual machine
- Customize
- Deploy template
- Read customization specifications
Virtual machine –> Snapshot management
- Create snapshot
- Remove Snapshot
- Rename Snapshot
- Revert to snapshot
Hope this helps anyone out there looking for updated permission settings for configuring the role for the VMware Horizon View 5.2’s vCenter 5.1 service account.
No comments:
Post a Comment