The credentials you enter are used to retrieve the vCenter inventory and to perform any activities requested as part of vRO workflows within vCenter e.g. if you run a workflow that creates a virtual machine, vRO will connect to vCenter using the entered credentials to log in and create the new VM. So the account used needs to have sufficient permissions to access all parts of the vCenter inventory that you want to orchestrate via vRO.
1 person found this helpful
Well, what you said is correct only when the vCenter server instance is added in so called 'shared session' mode.
The 'Add a vCenter Server instance' workflow provides an option to select also another mode - 'session per user' - in which case the credentials supplied in the workflow will be used only for registration purposes, but when later you perform another operation that calls vCenter API, the call will be made using the account of the current user. For example, if you login to vRO Java client with email@example.com account and run some vCenter-related workflow like 'Rename VM', the operation on the vCenter will be invoked using firstname.lastname@example.org account and not the account you supplied earlier in the workflow 'Add a vCenter Server instance'.