Minimum Collection User Permissions in vRealize Operations Manager 6.x and later
search cancel

Minimum Collection User Permissions in vRealize Operations Manager 6.x and later

book

Article ID: 341635

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

A vRealize Operations Manager collection user must be granted permissions from a vCenter role in order to collect from the vCenter.

Environment

VMware vRealize Operations Manager 6.7.x
VMware vRealize Operations Manager 7.0.x
VMware vRealize Operations Manager 6.5.x
VMware vRealize Operations Manager 6.4.x
VMware vRealize Operations 8.x
VMware vRealize Operations Manager 7.5.x
VMware vRealize Operations 8.0.x
VMware vRealize Operations 8.1.x
VMware vRealize Operations Manager 6.0.x
VMware vRealize Operations Manager 6.2.x
VMware vRealize Operations Manager 6.1.x
VMware vRealize Operations Manager 6.6.x
VMware vRealize Operations Manager 6.3.x

Resolution

For a vRealize Operations Manager collection user to collect all metrics and tags for an object, the below permissions are the minimum required for a collection user.
  1. Log in to the vSphere Web UI as an Administrator.
  2. Navigate to Home > Roles.
  3. Select the role given to the collection user specified in vRealize Operations Manager, or create a new role.
  4. Edit the role, and grant these permissions:
  • vCenter 6.0 and Earlier
Global > Health
Profile-Driven Storage > View
Storage views > View
vCenter Inventory Service
 
  • vCenter 6.5 and Later
Global > Global Tag
Global > Health
Global > System Tag
Performance > Modify intervals
Profile-Driven Storage > Profile-Driven Storage View
Storage Views > View
Datastore > Browse Datastore
Extention > Register extention
Extention > Unregister extention
Extention > Update extention
Global > License

Note: To push Telegraf agents from vRealize Operations Manager, the collection user must also have the following permissions:
Virtual Machine > Guest Operations > Guest Operation alias modification
Virtual Machine > Guest Operations > Guest Operation alias query
Virtual Machine > Guest Operations > Guest Operation modifications
Virtual Machine > Guest Operations > Guest Operation program execution
Virtual Machine > Guest Operations > Guest Operation queries

Note: To Provide data to vSphere Predictive DRS, the collection user must also have the following permissions:
External stats provider > Update
External stats provider > Register
External stats provider > Unregister
  1. Click OK to save the changes.

This role should be granted to the collection user at the Global level, to gather all objects.

Alternatively the role can be granted to the collection user on a specific object/child bases while other objects are given the No Access role.
Any objects with the No Access role defined for the collection user will not appear in vRealize Operations Manager as a collected object.

Note: You can assign Global permissions by logging into the vSphere web client as [email protected].


Additional Information

To verify the collection user specified in vRealize Operations Manager:
  1. Log in to the vRealize Operations Manager Product UI as admin.
  2. Navigate to Administration > Solutions.
  3. Select the VMware vSphere solution and click Configure.
  4. Select the vCenter adapter instance and click Edit next to Credential.
Note: The Collection user is displayed in the User Name field.


Powered by Wolken Software