Hi all,
I'm trying to determine least privileges for uploading OVFs so I can create a role for several users who need to be able to upload OVF to a vCenter to use with vRA.
Should I just create a role and then delete privileges one at time, and check if I still upload the OVF?
I can't think of a better way to determine least privileges.
What do you all think?
Thanks!
-Chris
You can use the API Reference to determine a set of privileges to start with.
For example, the ImportVApp method requires VApp.Import.
But you will definitely need other privileges, like for creating a VApp, using a Datastore ....
Unfortunately, afaik, there isn't a document that provides exact lists of privileges for each type of interaction with vSphere.
In the end, it is a trial-and-error process I'm afraid.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
You can use the API Reference to determine a set of privileges to start with.
For example, the ImportVApp method requires VApp.Import.
But you will definitely need other privileges, like for creating a VApp, using a Datastore ....
Unfortunately, afaik, there isn't a document that provides exact lists of privileges for each type of interaction with vSphere.
In the end, it is a trial-and-error process I'm afraid.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks Luc!
You are awesome!!