How to Define VMware vSphere User Privileges for XenApp and XenDesktop

How to Define VMware vSphere User Privileges for XenApp and XenDesktop

book

Article ID: CTX214389

calendar_today

Updated On:

Description

This article lists the user privileges required to successfully create and manage VMware vSphere machines through XenApp and XenDesktop.

Note: Create AppDisks and Delete AppDisks sections of this article are valid only for VMware vSphere minimum version 5.5 and XenApp and XenDesktop minimum version 7.8).

Instructions

Create a VMware user account and one or more VMware roles with a set or all of the privileges listed below. Base the roles' creation on the specific level of granularly required over the user’s permissions to request the various XenApp or XenDesktop operations at any time. To grant the user specific permissions at any point, associate them with the respective role, at the DataCenter level at a minimum.

The following tables show the mappings between XenApp and XenDesktop operations and the minimum required VMware privileges.

Add connection and resources

SDKUser Interface
System.Anonymous, System.Read, and System.ViewAdded automatically. Can use the built-in Read-only role.

Provision machines (Machine Creation Services)

SDKUser Interface
Datastore.AllocateSpaceDatastore > Allocate space
Datastore.BrowseDatastore > Browse datastore
Datastore.FileManagementDatastore > Low level file operations
Network.AssignNetwork > Assign network
Resource.AssignVMToPoolResource > Assign virtual machine to resource pool
VirtualMachine.Config.AddExistingDiskVirtual machine > Configuration > Add existing disk
VirtualMachine.Config.AddNewDiskVirtual machine > Configuration > Add new disk
VirtualMachine.Config.AdvancedConfigVirtual machine > Configuration > Advanced
VirtualMachine.Config.RemoveDiskVirtual machine > Configuration > Remove disk
VirtualMachine.Interact.PowerOffVirtual machine > Interaction > Power Off
VirtualMachine.Interact.PowerOnVirtual machine > Interaction > Power On
VirtualMachine.Inventory.CreateFromExistingVirtual machine > Inventory > Create from existing
VirtualMachine.Inventory.CreateVirtual machine > Inventory > Create new
VirtualMachine.Inventory.DeleteVirtual machine > Inventory > Remove
VirtualMachine.Provisioning.CloneVirtual machine > Provisioning > Clone virtual machine
VirtualMachine.State.CreateSnapshotvSphere 5.0, Update 2 and vSphere 5.1, Update 1: Virtual machine > State > Create snapshot
vSphere 5.5: Virtual machine > Snapshot management > Create snapshot

If you want the VMs you create to be tagged, add the following permissions for the user account:

SDKUser Interface
Global.ManageCustomFieldsGlobal > Manage custom attributes
Global.SetCustomFieldGlobal > Set custom attribute

To ensure that you use a clean base image for creating new VMs, tag VMs created with Machine Creation Services to exclude them from the list of VMs available to use as base images.

Provision machines (Provisioning Services)

All privileges from “Provision machines (Machine Creation Services)” and:

SDKUser Interface
VirtualMachine.Config.AddRemoveDeviceVirtual machine > Configuration > Add or remove device
VirtualMachine.Config.CPUCountVirtual machine > Configuration > Change CPU Count
VirtualMachine.Config.MemoryVirtual machine > Configuration > Memory
VirtualMachine.Config.SettingsVirtual machine > Configuration > Settings
VirtualMachine.Provisioning.CloneTemplateVirtual machine > Provisioning > Clone template
VirtualMachine.Provisioning.DeployTemplateVirtual machine > Provisioning > Deploy template

Power management

SDKUser Interface
VirtualMachine.Interact.PowerOffVirtual machine > Interaction > Power Off
VirtualMachine.Interact.PowerOnVirtual machine > Interaction > Power On
VirtualMachine.Interact.ResetVirtual machine > Interaction > Reset
VirtualMachine.Interact.SuspendVirtual machine > Interaction > Suspend

Image update and rollback

SDKUser Interface
Datastore.AllocateSpaceDatastore > Allocate space
Datastore.BrowseDatastore > Browse datastore
Datastore.FileManagementDatastore > Low level file operations
Network.AssignNetwork > Assign network
Resource.AssignVMToPoolResource > Assign virtual machine to resource pool
VirtualMachine.Config.AddExistingDiskVirtual machine > Configuration > Add existing disk
VirtualMachine.Config.AddNewDiskVirtual machine > Configuration > Add new disk
VirtualMachine.Config.AdvancedConfigVirtual machine > Configuration > Advanced
VirtualMachine.Config.RemoveDiskVirtual machine > Configuration > Remove disk
VirtualMachine.Interact.PowerOffVirtual machine > Interaction > Power Off
VirtualMachine.Interact.PowerOnVirtual machine > Interaction > Power On
VirtualMachine.Interact.ResetVirtual machine > Interaction > Reset
VirtualMachine.Inventory.CreateFromExistingVirtual machine > Inventory > Create from existing
VirtualMachine.Inventory.CreateVirtual machine > Inventory > Create new
VirtualMachine.Inventory.DeleteVirtual machine > Inventory > Remove
VirtualMachine.Provisioning.CloneVirtual machine > Provisioning > Clone virtual machine

Delete provisioned machines

SDKUser Interface
Datastore.BrowseDatastore > Browse datastore
Datastore.FileManagementDatastore > Low level file operations
VirtualMachine.Config.RemoveDiskVirtual machine > Configuration > Remove disk
VirtualMachine.Interact.PowerOffVirtual machine > Interaction > Power Off
VirtualMachine.Inventory.DeleteVirtual machine > Inventory > Remove

Create AppDisks (valid for VMware vSphere minimum version 5.5 and XenApp and XenDesktop minimum version 7.8)

SDKUser Interface
Datastore.AllocateSpaceDatastore > Allocate space
Datastore.BrowseDatastore > Browse datastore
Datastore.FileManagementDatastore > Low level file operations
VirtualMachine.Config.AddExistingDiskVirtual machine > Configuration > Add existing disk
VirtualMachine.Config.AddNewDiskVirtual machine > Configuration > Add new disk
VirtualMachine.Config.AdvancedConfigVirtual machine > Configuration > Advanced
VirtualMachine.Config.EditDeviceVirtual machine > Configuration > Modify Device Settings
VirtualMachine.Config.RemoveDiskVirtual machine > Configuration > Remove disk
VirtualMachine.Interact.PowerOffVirtual machine > Interaction > Power Off
VirtualMachine.Interact.PowerOnVirtual machine > Interaction > Power On

Delete AppDisks (valid for VMware vSphere minimum version 5.5 and XenApp and XenDesktop minimum version 7.8)

SDKUser Interface
Datastore.BrowseDatastore > Browse datastore
Datastore.FileManagementDatastore > Low level file operations
VirtualMachine.Config.RemoveDiskVirtual machine > Configuration > Remove disk
VirtualMachine.Interact.PowerOffVirtual machine > Interaction > Power Off

Issue/Introduction

This article lists the user privileges required to successfully create and manage VMware vSphere machines through XenApp and XenDesktop.
Powered by Wolken Software