Least user privilege for Management Pack for Storage Devices

Posted in Log Insight, vRops

I recently installed Management Pack for Storage Devices at a customer site. The customer was required to use a service account which had limited privileges in vCenter. The account had the bare minimum needed for vRops to collect data from vCenter. Using the bare minimum for collecting data wasn’t sufficient for the Management Pack for Storage Devices. I found myself needing to find the least user privilege for Management Pack for Storage Devices. I looked at the documentation, but found no answer there, so I then reached out to GSS, which I later abandoned as we were going nowhere fast. So I jumped into my favorite log analytics tool, Log Insight, and started going through the logs related to the error (I will write another blog post about how I did it). After 15 minutes I had covered all the user rights needed and added them to the role of the service account in vCenter, and the Management Pack for Storage Devices had started collecting data from the environment.

Least user privilege for Management Pack for Storage Devices

These are the user privileges I found to be needed for the Management Pack for Storage Devices. The first three lines, where the “ParentGroup” is “System”, are part of any vCenter role; basically they are what gives you read-only rights in vCenter. The next four lines, where the “ParentGroup” is “Global” or “Extension”, are the most basic user rights needed to log in to vCenter. Without these the user won’t even be able to log in to vCenter. The last four lines are the ones that you need to set explicitly, so that the role has the right privileges to collect the storage data which the Management Pack for Storage Devices needs.

 

| Name | ParentGroup | Id |
| --- | --- | --- |
| Anonymous | System | System.Anonymous |
| View | System | System.View |
| Read | System | System.Read |
| Licenses | Global | Global.Licenses |
| Register extension | Extension | Extension.Register |
| Update extension | Extension | Extension.Update |
| Unregister extension | Extension | Extension.Unregister |
| Storage partition configuration | Configuration | Host.Config.Storage |
| CIM interaction | CIM | Host.Cim.CimInteraction |
| Profile-driven storage view | Profile-driven storage | StorageProfile.View |
| View | Storage views | StorageViews.View |
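
One way to build and audit a role from the table above with VMware PowerCLI. This is an added example, not part of the original post or the management pack's documentation. It assumes PowerCLI is installed and `Connect-VIServer` has already been run; the role name is a placeholder.

```powershell
# Added example. $RoleName is a hypothetical name; pick your own.
$RoleName = 'vROps-MPSD-LeastPrivilege'

# System.* privileges are part of every vCenter role and cannot be removed.
$SystemIds = 'System.Anonymous', 'System.View', 'System.Read'

# Privilege IDs taken from the "Id" column of the table in this post.
$RequiredIds = @(
    'Global.Licenses'
    'Extension.Register'
    'Extension.Update'
    'Extension.Unregister'
    'Host.Config.Storage'
    'Host.Cim.CimInteraction'
    'StorageProfile.View'
    'StorageViews.View'
)

# Resolve the IDs first, so a typo or an ID unknown to this vCenter is caught early.
$privs = Get-VIPrivilege -Id $RequiredIds -ErrorAction SilentlyContinue
$unresolved = $RequiredIds | Where-Object { $_ -notin $privs.Id }
if ($unresolved) { throw "Unknown privilege IDs: $($unresolved -join ', ')" }

# Create the role if it does not exist yet.
$role = Get-VIRole -Name $RoleName -ErrorAction SilentlyContinue
if (-not $role) {
    $role = New-VIRole -Name $RoleName -Privilege $privs
}

# Audit the role against the list: what is missing, and what is beyond it.
$current = @($role.PrivilegeList)
$missing = @($RequiredIds | Where-Object { $_ -notin $current })
$extra   = @($current | Where-Object { $_ -notin ($RequiredIds + $SystemIds) })

if ($missing.Count -gt 0) {
    # Add only the privileges the management pack needs and the role lacks.
    $role = Set-VIRole -Role $role -AddPrivilege (Get-VIPrivilege -Id $missing)
    Write-Host "Added: $($missing -join ', ')"
}
if ($extra.Count -gt 0) {
    # Extra privileges are reported, not removed: review them before changing the role.
    Write-Warning "Role '$RoleName' has privileges beyond the list: $($extra -join ', ')"
}
```

Re-running the script against an existing role turns it into a drift check: an empty warning means the service account role still matches the list.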

 

Finally, that’s all. Quite simple, right? You should check out the Management Pack for Storage Devices. It can be downloaded from solutionexchange.vmware.com, which is a store for downloading extensions for products such as vRops and Log Insight. Here is the direct link to the Management Pack for Storage Devices.

 
