For a vRealize Operations Manager collection user to collect all metrics and tags for an object, the below permissions are the minimum required for a collection user.
- Log in to the vSphere Web UI as an Administrator.
- Navigate to Home > Roles.
- Select the role given to the collection user specified in vRealize Operations Manager, or create a new role.
- Edit the role, and grant these permissions:
Global > Health
Profile-Driven Storage > View
Storage views > View
vCenter Inventory Service
Global > Global Tag
Global > Health
Global > System Tag
Performance > Modify intervals
Profile-Driven Storage > Profile-Driven Storage View
Storage Views > View
Datastore > Browse Datastore
Extention > Register extention
Extention > Unregister extention
Extention > Update extention
Global > License
Note: To push Telegraf agents from vRealize Operations Manager, the collection user must also have the following permissions:
Virtual Machine > Guest Operations > Guest Operation alias modification
Virtual Machine > Guest Operations > Guest Operation alias query
Virtual Machine > Guest Operations > Guest Operation modifications
Virtual Machine > Guest Operations > Guest Operation program execution
Virtual Machine > Guest Operations > Guest Operation queries
Note: To Provide data to vSphere Predictive DRS, the collection user must also have the following permissions:
External stats provider > Update
External stats provider > Register
External stats provider > Unregister
- Click OK to save the changes.
This role should be granted to the collection user at the Global level, to gather all objects.
Alternatively the role can be granted to the collection user on a specific object/child bases while other objects are given the No Access role.
Any objects with the No Access role defined for the collection user will not appear in vRealize Operations Manager as a collected object.
Note: You can assign Global permissions by logging into the vSphere web client as [email protected].