Map vSphere API privileges to vSphere Web Client UI

Developers who work with the vSphere API (usually in Java or C#) ask how they can map privileges in the API to privilege strings in the vSphere Client. In the table below, ¬ represents indentation for the privilege hierarchy in the UI. Last updated for vSphere 6.5.

Privilege in vSphere API	Label in vSphere Client UI
Alarm	"Alarms"
Alarm.Acknowledge	¬ "Acknowledge alarm"
Alarm.Create	¬ "Create alarm"
Alarm.Delete	¬ "Remove alarm"
Alarm.DisableActions	¬ "Disable alarm action"
Alarm.Edit	¬ "Modify alarm"
Alarm.SetStatus	¬ "Set alarm status"
Authorization	"Permissions"
Authorization.ModifyPermissions	¬ "Modify permission"
Authorization.ModifyPrivileges	¬ "Modify privilege"
Authorization.ModifyRoles	¬ "Modify role"
Authorization.ReassignRolePermissions	¬ "Reassign role permissions"
Certificate	"Certificates"
Certificate.Manage	¬ "Manage certificates"
ComputeResource	"Compute resource"
Cryptographer	"Cryptographic operations"
Cryptographer.Access	¬ "Direct Access"
Cryptographer.AddDisk	¬ "Add disk"
Cryptographer.Clone	¬ "Clone"
Cryptographer.Decrypt	¬ "Decrypt"
Cryptographer.Encrypt	¬ "Encrypt"
Cryptographer.EncryptNew	¬ "Encrypt new"
Cryptographer.ManageEncryptionPolicy	¬ "Manage encryption policies"
Cryptographer.ManageKeyServers	¬ "Manage KMS"
Cryptographer.ManageKeys	¬ "Manage keys"
Cryptographer.Migrate	¬ "Migrate"
Cryptographer.Recrypt	¬ "Recrypt"
Cryptographer.RegisterHost	¬ "Register host"
Cryptographer.RegisterVM	¬ "Register VM"
DVPortgroup	"dvPort group"
DVPortgroup.Create	¬ "Create"
DVPortgroup.Delete	¬ "Delete"
DVPortgroup.Modify	¬ "Modify"
DVPortgroup.PolicyOp	¬ "Policy operation"
DVPortgroup.ScopeOp	¬ "Scope operation"
DVSwitch	"Distributed switch"
DVSwitch.Create	¬ "Create"
DVSwitch.Delete	¬ "Delete"
DVSwitch.HostOp	¬ "Host operation"
DVSwitch.Modify	¬ "Modify"
DVSwitch.Move	¬ "Move"
DVSwitch.PolicyOp	¬ "Policy operation"
DVSwitch.PortConfig	¬ "Port configuration operation"
DVSwitch.PortSetting	¬ "Port setting operation"
DVSwitch.ResourceManagement	¬ "Network I/O control operation"
DVSwitch.Vspan	¬ "VSPAN operation"
Datacenter	"Datacenter"
Datacenter.Create	¬ "Create datacenter"
Datacenter.Delete	¬ "Remove datacenter"
Datacenter.IpPoolConfig	¬ "Network protocol profile configuration"
Datacenter.IpPoolQueryAllocations	¬ "Query IP pool allocation"
Datacenter.IpPoolReleaseIp	¬ "Release IP allocation"
Datacenter.Move	¬ "Move datacenter"
Datacenter.Reconfigure	¬ "Reconfigure datacenter"
Datacenter.Rename	¬ "Rename datacenter"
Datastore	"Datastore"
Datastore.AllocateSpace	¬ "Allocate space"
Datastore.Browse	¬ "Browse datastore"
Datastore.Config	¬ "Configure datastore"
Datastore.Delete	¬ "Remove datastore"
Datastore.DeleteFile	¬ "Remove file"
Datastore.FileManagement	¬ "Low level file operations"
Datastore.Move	¬ "Move datastore"
Datastore.Rename	¬ "Rename datastore"
Datastore.UpdateVirtualMachineFiles	¬ "Update virtual machine files"
Datastore.UpdateVirtualMachineMetadata	¬ "Update virtual machine metadata"
EAM	"ESX Agent Manager"
EAM.Config	¬ "Config"
EAM.Modify	¬ "Modify"
EAM.View	¬ "View"
Extension	"Extension"
Extension.Register	¬ "Register extension"
Extension.Unregister	¬ "Unregister extension"
Extension.Update	¬ "Update extension"
ExternalStatsProvider	"External stats provider"
ExternalStatsProvider.Register	¬ "Register"
ExternalStatsProvider.Unregister	¬ "Unregister"
ExternalStatsProvider.Update	¬ "Update"
Folder	"Folder"
Folder.Create	¬ "Create folder"
Folder.Delete	¬ "Delete folder"
Folder.Move	¬ "Move folder"
Folder.Rename	¬ "Rename folder"
Global	"Global"
Global.CancelTask	¬ "Cancel task"
Global.CapacityPlanning	¬ "Capacity planning"
Global.Diagnostics	¬ "Diagnostics"
Global.DisableMethods	¬ "Disable methods"
Global.EnableMethods	¬ "Enable methods"
Global.GlobalTag	¬ "Global tag"
Global.Health	¬ "Health"
Global.Licenses	¬ "Licenses"
Global.LogEvent	¬ "Log event"
Global.ManageCustomFields	¬ "Manage custom attributes"
Global.ManagePolicies	¬ "Manage policies"
Global.PolicyEditorSuperUser	¬ "Policy editor SuperUser"
Global.Proxy	¬ "Proxy"
Global.ScriptAction	¬ "Script action"
Global.ServiceManagers	¬ "Service managers"
Global.SetCustomField	¬ "Set custom attribute"
Global.Settings	¬ "Settings"
Global.SystemTag	¬ "System tag"
Global.VCServer	¬ "Act as vCenter Server"
HealthUpdateProvider	"Health update provider"
HealthUpdateProvider.Register	¬ "Register"
HealthUpdateProvider.Unregister	¬ "Unregister"
HealthUpdateProvider.Update	¬ "Update"
Host	"Host"
Host.Amqp	¬ "AMQP"
Host.Amqp.AmqpInteraction	¬ ¬ "AMQP interaction"
Host.Cim	¬ "CIM"
Host.Cim.CimInteraction	¬ ¬ "CIM interaction"
Host.Config	¬ "Configuration"
Host.Config.AdvancedConfig	¬ ¬ "Advanced settings"
Host.Config.AuthenticationStore	¬ ¬ "Authentication Store"
Host.Config.AutoStart	¬ ¬ "Virtual machine autostart configuration"
Host.Config.Connection	¬ ¬ "Connection"
Host.Config.DateTime	¬ ¬ "Change date and time settings"
Host.Config.Firmware	¬ ¬ "Firmware"
Host.Config.HyperThreading	¬ ¬ "Hyperthreading"
Host.Config.Image	¬ ¬ "Image configuration"
Host.Config.Locker	¬ ¬ "Locker"
Host.Config.Maintenance	¬ ¬ "Maintenance"
Host.Config.Memory	¬ ¬ "Memory configuration"
Host.Config.NetService	¬ ¬ "Security profile and firewall"
Host.Config.Network	¬ ¬ "Network configuration"
Host.Config.Nvdimm	¬ ¬ "NVDIMM"
Host.Config.Patch	¬ ¬ "Query patch"
Host.Config.PciPassthru	¬ ¬ "Change PciPassthru settings"
Host.Config.Power	¬ ¬ "Power"
Host.Config.Quarantine	¬ ¬ "Quarantine"
Host.Config.Resources	¬ ¬ "System resources"
Host.Config.Settings	¬ ¬ "Change settings"
Host.Config.Snmp	¬ ¬ "Change SNMP settings"
Host.Config.Storage	¬ ¬ "Storage partition configuration"
Host.Config.SystemManagement	¬ ¬ "System Management"
Host.Hbr	¬ "vSphere Replication"
Host.Hbr.HbrManagement	¬ ¬ "Manage replication"
Host.Inventory	¬ "Inventory"
Host.Inventory.AddHostToCluster	¬ ¬ "Add host to cluster"
Host.Inventory.AddStandaloneHost	¬ ¬ "Add standalone host"
Host.Inventory.CreateCluster	¬ ¬ "Create cluster"
Host.Inventory.DeleteCluster	¬ ¬ "Remove cluster"
Host.Inventory.EditCluster	¬ ¬ "Modify cluster"
Host.Inventory.MoveCluster	¬ ¬ "Move cluster or standalone host"
Host.Inventory.MoveHost	¬ ¬ "Move host"
Host.Inventory.RemoveHostFromCluster	¬ ¬ "Remove host"
Host.Inventory.RenameCluster	¬ ¬ "Rename cluster"
Host.Local	¬ "Local operations"
Host.Local.CreateVM	¬ ¬ "Create virtual machine"
Host.Local.DeleteVM	¬ ¬ "Delete virtual machine"
Host.Local.InstallAgent	¬ ¬ "Add host to vCenter"
Host.Local.ManageUserGroups	¬ ¬ "Manage user groups"
Host.Local.ReconfigVM	¬ ¬ "Reconfigure virtual machine"
ImageLibrary	"Image library"
ImageLibrary.Manage	¬ "Manage"
Network	"Network"
Network.Assign	¬ "Assign network"
Network.Config	¬ "Configure"
Network.Delete	¬ "Remove"
Network.Move	¬ "Move network"
Performance	"Performance"
Performance.ModifyIntervals	¬ "Modify intervals"
Policy	"Policy"
Policy.Apply	¬ "Apply"
Profile	"Host profile"
Profile.Clear	¬ "Clear"
Profile.Create	¬ "Create"
Profile.Delete	¬ "Delete"
Profile.Edit	¬ "Edit"
Profile.Export	¬ "Export"
Profile.View	¬ "View"
Resource	"Resource"
Resource.ApplyRecommendation	¬ "Apply recommendation"
Resource.AssignVAppToPool	¬ "Assign vApp to resource pool"
Resource.AssignVMToPool	¬ "Assign virtual machine to resource pool"
Resource.ColdMigrate	¬ "Migrate powered off virtual machine"
Resource.CreatePool	¬ "Create resource pool"
Resource.DeletePool	¬ "Remove resource pool"
Resource.EditPool	¬ "Modify resource pool"
Resource.HotMigrate	¬ "Migrate powered on virtual machine"
Resource.MovePool	¬ "Move resource pool"
Resource.QueryVMotion	¬ "Query vMotion"
Resource.RenamePool	¬ "Rename resource pool"
ScheduledTask	"Scheduled task"
ScheduledTask.Cancel	¬ "Cancel task"
ScheduledTask.Create	¬ "Create tasks"
ScheduledTask.Delete	¬ "Remove task"
ScheduledTask.Edit	¬ "Modify task"
ScheduledTask.Run	¬ "Run task"
Sessions	"Sessions"
Sessions.GlobalMessage	¬ "Message"
Sessions.ImpersonateUser	¬ "Impersonate user"
Sessions.TerminateSession	¬ "View and stop sessions"
Sessions.ValidateSession	¬ "Validate session"
StoragePod	"Datastore cluster"
StoragePod.Config	¬ "Configure a datastore cluster"
StorageProfile	"Profile-driven storage"
StorageProfile.Update	¬ "Profile-driven storage update"
StorageProfile.View	¬ "Profile-driven storage view"
StorageViews	"Storage views"
StorageViews.ConfigureService	¬ "Configure service"
StorageViews.View	¬ "View"
System	"System"
System.Anonymous	¬ "Anonymous"
System.Read	¬ "Read"
System.View	¬ "View"
Task	"Tasks"
Task.Create	¬ "Create task"
Task.Update	¬ "Update task"
TroubleShooting	"Troubleshooting"
TroubleShooting.all	¬ "All"
VApp	"vApp"
VApp.ApplicationConfig	¬ "vApp application configuration"
VApp.AssignResourcePool	¬ "Assign resource pool"
VApp.AssignVApp	¬ "Assign vApp"
VApp.AssignVM	¬ "Add virtual machine"
VApp.Clone	¬ "Clone"
VApp.Create	¬ "Create"
VApp.Delete	¬ "Delete"
VApp.Export	¬ "Export"
VApp.ExtractOvfEnvironment	¬ "View OVF environment"
VApp.Import	¬ "Import"
VApp.InstanceConfig	¬ "vApp instance configuration"
VApp.ManagedByConfig	¬ "vApp managedBy configuration"
VApp.Move	¬ "Move"
VApp.PowerOff	¬ "Power off"
VApp.PowerOn	¬ "Power on"
VApp.Rename	¬ "Rename"
VApp.ResourceConfig	¬ "vApp resource configuration"
VApp.Suspend	¬ "Suspend"
VApp.Unregister	¬ "Unregister"
VirtualMachine	"Virtual machine"
VirtualMachine.Config	¬ "Configuration"
VirtualMachine.Config.AddExistingDisk	¬ ¬ "Add existing disk"
VirtualMachine.Config.AddNewDisk	¬ ¬ "Add new disk"
VirtualMachine.Config.AddRemoveDevice	¬ ¬ "Add or remove device"
VirtualMachine.Config.AddRemoveRawDevice	¬ ¬ "Add/remove raw device"
VirtualMachine.Config.AdvancedConfig	¬ ¬ "Advanced"
VirtualMachine.Config.Annotation	¬ ¬ "Set annotation"
VirtualMachine.Config.CPUCount	¬ ¬ "Change CPU count"
VirtualMachine.Config.ChangeTracking	¬ ¬ "Disk change tracking"
VirtualMachine.Config.DiskExtend	¬ ¬ "Extend virtual disk"
VirtualMachine.Config.DiskLease	¬ ¬ "Disk lease"
VirtualMachine.Config.EditDevice	¬ ¬ "Modify device settings"
VirtualMachine.Config.HostUSBDevice	¬ ¬ "Host USB device"
VirtualMachine.Config.ManagedBy	¬ ¬ "Configure managedBy"
VirtualMachine.Config.Memory	¬ ¬ "Memory"
VirtualMachine.Config.MksControl	¬ ¬ "Display connection settings"
VirtualMachine.Config.QueryFTCompatibility	¬ ¬ "Query Fault Tolerance compatibility"
VirtualMachine.Config.QueryUnownedFiles	¬ ¬ "Query unowned files"
VirtualMachine.Config.RawDevice	¬ ¬ "Raw device"
VirtualMachine.Config.ReloadFromPath	¬ ¬ "Reload from path"
VirtualMachine.Config.RemoveDisk	¬ ¬ "Remove disk"
VirtualMachine.Config.Rename	¬ ¬ "Rename"
VirtualMachine.Config.ResetGuestInfo	¬ ¬ "Reset guest information"
VirtualMachine.Config.Resource	¬ ¬ "Change resource"
VirtualMachine.Config.Settings	¬ ¬ "Settings"
VirtualMachine.Config.SwapPlacement	¬ ¬ "Swapfile placement"
VirtualMachine.Config.UpgradeVirtualHardware	¬ ¬ "Upgrade virtual machine compatibility"
VirtualMachine.GuestOperations	¬ "Guest operations"
VirtualMachine.GuestOperations.Execute	¬ ¬ "Guest operation program execution"
VirtualMachine.GuestOperations.Modify	¬ ¬ "Guest operation modifications"
VirtualMachine.GuestOperations.ModifyAliases	¬ ¬ "Guest operation alias modification"
VirtualMachine.GuestOperations.Query	¬ ¬ "Guest operation queries"
VirtualMachine.GuestOperations.QueryAliases	¬ ¬ "Guest operation alias query"
VirtualMachine.Hbr	¬ "vSphere Replication"
VirtualMachine.Hbr.ConfigureReplication	¬ ¬ "Configure replication"
VirtualMachine.Hbr.MonitorReplication	¬ ¬ "Monitor replication"
VirtualMachine.Hbr.ReplicaManagement	¬ ¬ "Manage replication"
VirtualMachine.Interact	¬ "Interaction"
VirtualMachine.Interact.AnswerQuestion	¬ ¬ "Answer question"
VirtualMachine.Interact.Backup	¬ ¬ "Backup operation on virtual machine"
VirtualMachine.Interact.ConsoleInteract	¬ ¬ "Console interaction"
VirtualMachine.Interact.CreateScreenshot	¬ ¬ "Create screenshot"
VirtualMachine.Interact.CreateSecondary	¬ ¬ "Turn on Fault Tolerance"
VirtualMachine.Interact.DefragmentAllDisks	¬ ¬ "Defragment all disks"
VirtualMachine.Interact.DeviceConnection	¬ ¬ "Device connection"
VirtualMachine.Interact.DisableSecondary	¬ ¬ "Suspend Fault Tolerance"
VirtualMachine.Interact.DnD	¬ ¬ "Drag and drop"
VirtualMachine.Interact.EnableSecondary	¬ ¬ "Resume Fault Tolerance"
VirtualMachine.Interact.GuestControl	¬ ¬ "Guest operating system management by VIX API"
VirtualMachine.Interact.MakePrimary	¬ ¬ "Test failover"
VirtualMachine.Interact.Pause	¬ ¬ "Pause or Unpause"
VirtualMachine.Interact.PowerOff	¬ ¬ "Power off"
VirtualMachine.Interact.PowerOn	¬ ¬ "Power on"
VirtualMachine.Interact.PutUsbScanCodes	¬ ¬ "Inject USB HID scan codes"
VirtualMachine.Interact.Record	¬ ¬ "Record session on virtual machine"
VirtualMachine.Interact.Replay	¬ ¬ "Replay session on virtual machine"
VirtualMachine.Interact.Reset	¬ ¬ "Reset"
VirtualMachine.Interact.SESparseMaintenance	¬ ¬ "Perform wipe or shrink operations"
VirtualMachine.Interact.SetCDMedia	¬ ¬ "Configure CD media"
VirtualMachine.Interact.SetFloppyMedia	¬ ¬ "Configure floppy media"
VirtualMachine.Interact.Suspend	¬ ¬ "Suspend"
VirtualMachine.Interact.TerminateFaultTolerantVM	¬ ¬ "Test restart Secondary VM"
VirtualMachine.Interact.ToolsInstall	¬ ¬ "VMware Tools install"
VirtualMachine.Interact.TurnOffFaultTolerance	¬ ¬ "Turn off Fault Tolerance"
VirtualMachine.Inventory	¬ "Inventory"
VirtualMachine.Inventory.Create	¬ ¬ "Create new"
VirtualMachine.Inventory.CreateFromExisting	¬ ¬ "Create from existing"
VirtualMachine.Inventory.Delete	¬ ¬ "Remove"
VirtualMachine.Inventory.Move	¬ ¬ "Move"
VirtualMachine.Inventory.Register	¬ ¬ "Register"
VirtualMachine.Inventory.Unregister	¬ ¬ "Unregister"
VirtualMachine.Namespace	¬ "Service configuration"
VirtualMachine.Namespace.Event	¬ ¬ "Allow notifications"
VirtualMachine.Namespace.EventNotify	¬ ¬ "Allow polling of global event notifications"
VirtualMachine.Namespace.Management	¬ ¬ "Manage service configurations"
VirtualMachine.Namespace.ModifyContent	¬ ¬ "Modify service configuration"
VirtualMachine.Namespace.Query	¬ ¬ "Query service configurations"
VirtualMachine.Namespace.ReadContent	¬ ¬ "Read service configuration"
VirtualMachine.Provisioning	¬ "Provisioning"
VirtualMachine.Provisioning.Clone	¬ ¬ "Clone virtual machine"
VirtualMachine.Provisioning.CloneTemplate	¬ ¬ "Clone template"
VirtualMachine.Provisioning.ConsolidateDisks	¬ ¬ "Consolidate disks"
VirtualMachine.Provisioning.CreateTemplateFromVM	¬ ¬ "Create template from virtual machine"
VirtualMachine.Provisioning.Customize	¬ ¬ "Customize"
VirtualMachine.Provisioning.DeployTemplate	¬ ¬ "Deploy template"
VirtualMachine.Provisioning.DiskRandomAccess	¬ ¬ "Allow disk access"
VirtualMachine.Provisioning.DiskRandomRead	¬ ¬ "Allow read-only disk access"
VirtualMachine.Provisioning.FileRandomAccess	¬ ¬ "Allow file access"
VirtualMachine.Provisioning.GetVmFiles	¬ ¬ "Allow virtual machine download"
VirtualMachine.Provisioning.MarkAsTemplate	¬ ¬ "Mark as template"
VirtualMachine.Provisioning.MarkAsVM	¬ ¬ "Mark as virtual machine"
VirtualMachine.Provisioning.ModifyCustSpecs	¬ ¬ "Modify customization specification"
VirtualMachine.Provisioning.PromoteDisks	¬ ¬ "Promote disks"
VirtualMachine.Provisioning.PutVmFiles	¬ ¬ "Allow virtual machine files upload"
VirtualMachine.Provisioning.ReadCustSpecs	¬ ¬ "Read customization specifications"
VirtualMachine.State	¬ "Snapshot management"
VirtualMachine.State.CreateSnapshot	¬ ¬ "Create snapshot"
VirtualMachine.State.RemoveSnapshot	¬ ¬ "Remove snapshot"
VirtualMachine.State.RenameSnapshot	¬ ¬ "Rename snapshot"
VirtualMachine.State.RevertToSnapshot	¬ ¬ "Revert to snapshot"

All

Map vSphere API privileges to vSphere Web Client UI

Map vSphere API privileges to vSphere Web Client UI