You can configure access permissions for the Storage Plugin for vCenter, which includes users, roles, and privileges.

Review required vSphere privileges

Plugin access type vSphere privilege required

Read-Write (Configure)

Datastore.Configure

Read-Only (View)

Datastore.Browse

Configure Storage Administrator roles

To provide read/write privileges for plugin users, you can create, clone, or edit a role. For more information about configuring roles in the vSphere Client, see the following topic in the VMware Doc Center:

Access role actions

  1. From the home page of the vSphere Client, select Administrator from the access control area.

  2. Click Roles from the access control area.

  3. Perform one of the following actions:

    • Create new role: Click on the Create Role action icon.

    • Clone role: Select an existing role and click on the Clone Role action icon.

    • Edit existing role: Select an existing role and click on the Edit Role action icon.

The Administrator role is not editable.

The appropriate wizard appears, depending on the above selection.

Create a new role

  1. In the Privileges list, select the access permissions to assign to this role.

    To allow Read-Only access to the plugin, select Datastore  Browse datastore. To allow Read-Write access, select Datastore  Configure datastore.

  2. Assign other privileges for the list if needed, and then click Next.

  3. Name the role and provide a description.

  4. Click Finish.

Clone a role

  1. Name the role and provide a description.

  2. Click OK to finish the wizard.

  3. Select the cloned role from the list, and then click on Edit Role.

  4. In the Privileges list, select the access permissions to assign to this role.

    To allow Read-Only access to the plugin, select Datastore  Browse datastore. To allow Read-Write access, select Datastore  Configure datastore.

  5. Click Next.

  6. Update the name and description, if desired.

  7. Click Finish.

Edit an existing role

  1. In the Privileges list, select the access permissions to assign to this role.

    To allow Read-Only access to the plugin, select Datastore  Browse datastore. To allow Read-Write access, select Datastore  Configure datastore.

  2. Click Next.

  3. Update the name or description, if desired.

  4. Click Finish.

Set permissions for vCenter Server Appliance

After setting privileges for a role, you must then add a permission to the vCenter Server Appliance. This permission allows a given user or group access to the plugin.

  1. From the menu dropdown list, select Hosts and Clusters.

  2. Select the vCenter Server Appliance from the access control area.

  3. Click the Permissions tab.

  4. Click the Add Permission action icon.

  5. Select the appropriate domain and user/group.

  6. Select the role created that allows for the read/write plugin privilege.

  7. Enable the Propagate to Children option, if needed.

  8. Click OK.

You can select an existing permission and modify it to use the created role. However, be aware that the role must have the same privileges along with read/write plugin privileges as to avoid a regress in permissions.

To access the plugin, you must log in to the vSphere Client under the user account that has the read/write privileges for the plugin.

For more information about managing permissions, see the following topics in the VMware Doc Center: