
Least user privilege for Management Pack for Storage Devices

I recently installed the Management Pack for Storage Devices at a customer site. The customer was required to use a service account with limited privileges in vCenter. The account had the bare minimum needed for vRops to collect data from vCenter, but that bare minimum wasn't sufficient for the Management Pack for Storage Devices, so I found myself needing to work out the least user privilege for the Management Pack for Storage Devices. I looked at the documentation, but found no answer there, so I reached out to GSS, which I later abandoned as we were going nowhere fast. So I jumped into my favorite log analytics tool, Log Insight, and started going through the logs for the error (I will write another blog post about how I did it). After 15 minutes I had covered all the user rights needed and added them to the role of the service account in vCenter, and the Management Pack for Storage Devices had started collecting data from the environment.


These are the user privileges I found to be needed for the Management Pack for Storage Devices. The first three lines, where the “ParentGroup” is “System”, are part of any vCenter role; basically they are what gives you read-only rights in vCenter. The next four lines, where the “ParentGroup” is “Global” or “Extension”, are the most basic user rights needed to log in to vCenter. Without these the user won’t even be able to log in to vCenter. The last four lines are the ones you need to set explicitly, so that the role has the right privileges to collect the storage data that the Management Pack for Storage Devices needs.

 

| Name | ParentGroup | Id |
|---|---|---|
| Anonymous | System | System.Anonymous |
| View | System | System.View |
| Read | System | System.Read |
| Licenses | Global | Global.Licenses |
| Register extension | Extension | Extension.Register |
| Update extension | Extension | Extension.Update |
| Unregister extension | Extension | Extension.Unregister |
| Storage partition configuration | Configuration | Host.Config.Storage |
| CIM interaction | CIM | Host.Cim.CimInteraction |
| Profile-driven storage view | Profile-driven storage | StorageProfile.View |
| View | Storage views | StorageViews.View |
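
One way to check a service account's role against the table above, as an added PowerCLI example that is not part of the original post. It assumes the VMware PowerCLI module and an existing `Connect-VIServer` session; the role name `svc-vrops-mpsd`, the `$ApplyMissing` switch and the `Compare-RolePrivilege` helper are hypothetical names introduced here.

```powershell
# Added example. Requires VMware PowerCLI and an existing Connect-VIServer session.
# Privilege IDs copied from the "Id" column of the table above.
$MpsdPrivilegeIds = @(
    'System.Anonymous', 'System.View', 'System.Read',
    'Global.Licenses',
    'Extension.Register', 'Extension.Update', 'Extension.Unregister',
    'Host.Config.Storage', 'Host.Cim.CimInteraction',
    'StorageProfile.View', 'StorageViews.View'
)

# Pure comparison: what the role lacks and what it holds beyond the baseline.
function Compare-RolePrivilege {
    param(
        [string[]]$Actual = @(),
        [Parameter(Mandatory)][string[]]$Expected
    )
    [pscustomobject]@{
        Missing = @($Expected | Where-Object { $_ -notin $Actual } | Sort-Object)
        Extra   = @($Actual | Where-Object { $_ -notin $Expected } | Sort-Object)
    }
}

$RoleName     = 'svc-vrops-mpsd'   # hypothetical role name
$ApplyMissing = $false             # set to $true to add the missing privileges

$role  = Get-VIRole -Name $RoleName -ErrorAction Stop
$drift = Compare-RolePrivilege -Actual $role.PrivilegeList -Expected $MpsdPrivilegeIds

"Role '$RoleName': $($drift.Missing.Count) missing, $($drift.Extra.Count) extra"
$drift.Missing | ForEach-Object { "  missing: $_" }
# Extra entries are reported only. If the same account also serves the vCenter
# adapter, its collection privileges show up here and need a manual review.
$drift.Extra | ForEach-Object { "  extra:   $_" }

if ($ApplyMissing -and $drift.Missing.Count -gt 0) {
    # Resolve IDs to privilege objects before the role is touched.
    $toAdd = Get-VIPrivilege -Id $drift.Missing -ErrorAction Stop
    Set-VIRole -Role $role -AddPrivilege $toAdd | Out-Null
}
```

With `$ApplyMissing` left at `$false` the script only reads the role, so it can be run as a recurring drift check on the service account.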

 

Finally, that’s all. Quite simple, right? You should check out the Management Pack for Storage Devices. It can be downloaded from solutionexchange.vmware.com, which is a store for downloading extensions for products such as vRops and Log Insight. Here is the direct link to the Management Pack for Storage Devices.

 
