I would like to get an explanation of what each privilege in vSphere pertains to. For example, the Datastore.Configure-Datastore permission- what does it allow the user to do. Can the user add/remove datastores with this permission.
Please let me know if there is a granular list explaining each one.
VMware has good KB:
start from here:
I've seen that article:
Configure datastore | Allows configuration of a datastore. |
To me it doesn't really mean much. To configure a datastore is to do what? Add a datastore to a host or set permissions on a datastore, etc?
And here we go again:
Datastore Privileges (vmware.com)
And do not forget to open vCenter Permission Tab to check.
It works together.
Like I said in my previous post, what does the permission "Configure Datastore" actually provide? Does it allow the user to add a datastore to the hosts? I think "Configure" is too generic as a word to describe datastore permissions.
i believe "configure datastore" can configure properties of the datastore. PS example.
NAME
Set-Datastore
SYNOPSIS
This cmdlet modifies the properties of the specified datastore.
SYNTAX
Set-Datastore [-Datastore] <Datastore[]> [[-Name] <String>] [-CongestionThresholdMillisecond <Int32>] [-Server <VIServer[]>]
[-StorageIOControlEnabled <Boolean>] [-Confirm] [-WhatIf] [<CommonParameters>]
Set-Datastore [-Datastore] <Datastore[]> [-EvacuateAutomatically] -MaintenanceMode <Boolean> [-RunAsync] [-Server <VIServer[]>] [-Confirm]
[-WhatIf] [<CommonParameters>]
DESCRIPTION
This cmdlet modifies the properties of the specified datastore. You can use the following characters in a path, but not in a datastore name:
slash (/), backslash (\), and percent (%).