I have a service account with read only permissions, and I can retrieve almost everything I need with it, except for host serial numbers.
Ex.
$esxcli = (Get-EsxCli -VMHost $vmhost.Name)
$esxcli.hardware.platform.get()
returns:
Permission to perform this operation was denied. Required privilege
'Host.Config.Settings' on managed object with id
'ReflectManagedMethodExecuter-ManagedMethodExecuter
Get-VMHostHardware also requires additional perms.
So it appears I need to create a custom role with additional permissions. But I'm unsure which permissions to grant to an account that should be as close to read only as possible.
Any input appreciated.
Keith
