Hi

Until recently, I can't say exactly when, I was able to set the necessary permissions in vCenter with an account that didn't have many rights. I was able to do this with the following two commands.

New-VIPermission -Server $vmName -Principal $user -Role $role
or
Get-VM -Name $vmName | New-VIPermission -Role (Get-VIRole -Name $role) -Principal $user

Now I'm on vCenter version 7.0.3 Build:22357613
If I now do the same thing, I should always grant more permissions for the account so that "only" the VM permissions can be set.

New-VIPermission : DATE New-VIPermission Permission to perform this operation was denied. Required
privilege 'Datastore.AllocateSpace' on managed object with id 'VirtualMachine-vm-ID'.

Required privilege 'alarm.acknowledge'
Required privilege 'Datastore.AllocateSpace'
Required privilege 'Datastore.Browse'
Required privilege 'Datastore.Config'
Required privilege 'Extension.Register'
Required privilege 'Extension.Update'
Required privilege 'Folder.Create'
Required privilege 'Global.CancelTask'
Required privilege 'Global.GlobalTag'
Required privilege 'Global.Licenses'
and so forth ....

I stopped, I don't want an account that is so right (for us it's a service account). Has anyone noticed something similar? Can I solve this differently?