I recently installed the Management Pack for Storage Devices at a customer site. The customer was required to use a service account with limited privileges in vCenter. The account had the bare minimum needed for vROps to collect data from vCenter. That bare minimum wasn’t sufficient for the Management Pack for Storage Devices, so I found myself needing to work out the least user privilege for the Management Pack for Storage Devices. I looked at the documentation, but there was no answer there, so I reached out to GSS, which I later abandoned as we were going nowhere fast. So I jumped into my favorite log analytics tool, Log Insight, and started going through the logs relating to the error (I will write another blog post about how I did it). After 15 minutes I had covered all the user rights needed and added them to the role of the service account in vCenter, and the Management Pack for Storage Devices started collecting data from the environment.

Least user privilege for Management Pack for Storage Devices

These are the user privileges I found to be needed for the Management Pack for Storage Devices. The first three lines, where the “ParentGroup” is “System”, are part of any vCenter role; basically, they are what gives you read-only rights in vCenter. The next four lines, where the “ParentGroup” is “Global” or “Extension”, are the most basic user rights needed to log in to vCenter. Without these the user won’t even be able to log in to vCenter. The last four lines are the ones you need to set explicitly, so that the role has the right privileges to collect the storage data that the Management Pack for Storage Devices needs.

| Name | ParentGroup | Id |
| --- | --- | --- |
| Anonymous | System | System.Anonymous |
| View | System | System.View |
| Read | System | System.Read |
| Licenses | Global | Global.Licenses |
| Register extension | Extension | Extension.Register |
| Update extension | Extension | Extension.Update |
| Unregister extension | Extension | Extension.Unregister |
| Storage partition configuration | Configuration | Host.Config.Storage |
| CIM interaction | CIM | Host.Cim.CimInteraction |
| Profile-driven storage view | Profile-driven storage | StorageProfile.View |
| View | Storage views | StorageViews.View |
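One way to turn the privilege list above into a dedicated vCenter role and keep it from drifting, as an added example that is not part of the original post. It assumes VMware PowerCLI is loaded and `Connect-VIServer` has already been run; the role name is a hypothetical placeholder.

```powershell
# Added example. Assumes an existing PowerCLI session (Connect-VIServer already run).
$RoleName = 'vROps-MPSD-Collector'   # hypothetical role name, pick your own

# Privilege Ids taken from the list above.
$RequiredIds = @(
    'System.Anonymous', 'System.View', 'System.Read',
    'Global.Licenses',
    'Extension.Register', 'Extension.Update', 'Extension.Unregister',
    'Host.Config.Storage', 'Host.Cim.CimInteraction',
    'StorageProfile.View', 'StorageViews.View'
)

# Resolve every Id first, so a typo or a privilege that does not exist
# on this vCenter version stops the script before any role is touched.
$Resolved   = @(Get-VIPrivilege -Id $RequiredIds -ErrorAction SilentlyContinue)
$Unresolved = $RequiredIds | Where-Object { $_ -notin $Resolved.Id }
if ($Unresolved) {
    throw "Privileges not found on this vCenter: $($Unresolved -join ', ')"
}

$Role = Get-VIRole -Name $RoleName -ErrorAction SilentlyContinue
if (-not $Role) {
    # Role does not exist yet: create it with exactly the required set.
    $Role = New-VIRole -Name $RoleName -Privilege $Resolved
}
else {
    # Role exists: add what is missing, and flag anything beyond the list
    # so extra rights are reviewed by a person instead of silently kept.
    $Missing = $RequiredIds | Where-Object { $_ -notin $Role.PrivilegeList }
    $Extra   = $Role.PrivilegeList | Where-Object { $_ -notin $RequiredIds }

    if ($Missing) {
        $Role = Set-VIRole -Role $Role -AddPrivilege (Get-VIPrivilege -Id $Missing)
    }
    if ($Extra) {
        Write-Warning "Role '$RoleName' has privileges beyond the list: $($Extra -join ', ')"
    }
}

# Show the resulting privilege set for the change record.
$Role.PrivilegeList | Sort-Object
```

Re-running the script after a vCenter or management pack upgrade shows whether the role still matches the list or has picked up additional rights.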

Finally, that’s all. Quite simple, right? You should check out the Management Pack for Storage Devices. It can be downloaded from solutionexchange.vmware.com, which is a store for downloading extensions for products such as vROps and Log Insight. Here is the direct link to the Management Pack for Storage Devices.
