VMware Cloud Community
Luca82
Enthusiast
Enthusiast
‎03-18-2014 06:48 AM
Jump to solution

"Collector User (optional)" and minimun permission on vcenter

I'm just trying to setup a vcops and I'm a little bit confuse about the vcenter permission requirements.

First, the wizard asks me an OPTIONAL information about hosting vCenter Server (vcenter that hosts the vcops appliance????) ...why the appliance wants to know this information?

Then the wizard asks the information about the vcenter to monitor: "Registration User" and "Collector User (optional)"...what are the differences? Which are the minimum permission? I see in the admin guide that the user for collecting information could be an read-only user at root vcenter inventory...but nothing abou the Registration/Collector user.

Thank you.

0 Kudos
1 Solution

Accepted Solutions
mark_j
Virtuoso
Virtuoso
‎03-18-2014 09:16 AM
Jump to solution

Registration user and collector user are different, in that registration user need reg/unreg extension, license priv's, etc. Whereas the collector needs read+storage view:views+global:health.

These roles/perms are described in the release notes and what the specific priv req's are needed for each role.

If you don't specify a collector user, the registration user will be used for collection in addition to registration. Hence the "optional".

If you find this or any other answer useful please mark the answer as correct or helpful.

View solution in original post

0 Kudos
4 Replies
mark_j
Virtuoso
Virtuoso
‎03-18-2014 09:16 AM
Jump to solution

Registration user and collector user are different, in that registration user need reg/unreg extension, license priv's, etc. Whereas the collector needs read+storage view:views+global:health.

These roles/perms are described in the release notes and what the specific priv req's are needed for each role.

If you don't specify a collector user, the registration user will be used for collection in addition to registration. Hence the "optional".

If you find this or any other answer useful please mark the answer as correct or helpful.
0 Kudos
netopsdc
Contributor
Contributor
‎06-23-2014 07:48 AM
Jump to solution

fyi, I just set this up.

For the registration user I have:

Extension > ALL

Global > Licenses

The collector user has Read-only everywhere.

Ben

0 Kudos
mark_j
Virtuoso
Virtuoso
‎06-23-2014 08:04 AM
Jump to solution

As my previous post indicates , read-only everywhere is not sufficient for the collector user. You're missing storage view:views and global:health. Without these perms, disk space metric won't collect and vCenter/vSphere health won't be collected. As a result, the risk/efficiency badges won't have enough information to fully populate.

Please refer to the vC Ops release notes, as these perms are all clearly stated there.

If you find this or any other answer useful please mark the answer as correct or helpful.
0 Kudos
BenConrad
Expert
Expert
‎06-23-2014 09:20 AM
Jump to solution

Thanks Mark,

I create a new role (copy of read only) for the collector and added

Storage Views > View and now I am seeing the storage metrics you mentioned.

  • The user account you use for collecting data with vCenter Operations Manager determines the scope and accuracy of the monitoring data.
    • vCenter Operations Manager does not require administrator privileges to collect data from a vCenter Server. However, the scope of data collected depends on the privileges of the user you assign as the Collection user on the vCenter Operations Manager Administration portal. The minimum privileges required to collect data are Global: Health and Storage Views: View.
    • vCenter Operations Manager calculates metric values based only on visibility the Collection user has to the inventory. If certain objects are not visible, the values for these objects are not taken into account when calculating metrics for their container objects.

Ben

0 Kudos