Privileges for Scanning ESXi Hosts

To successfully authenticate and audit each ESXi host, we'll need a service credential with at least Read-Only access to the ESXi host. The account must also have privileges to read SNMP, Software, VIBs, Users and Kernel modules.

Tip: The system-defined Read-Only role cannot be changed, so you'll need to clone it in order to add privileges.

How to create a role with required privileges

- Edit the role assigned to the scanner account.

- Add privileges to the role (see the tables below).

- Click OK to save your changes.

- Verify that the scanner account has the proper role assigned, and add it to your VMware record.

Are your ESXi hosts joined to an Active Directory domain? If yes, then a Domain-level credential can be used. If not, then an individual credential on each target machine will be required.

Scanning ESXi hosts using ESXi credentials

| Version | Privileges Needed | How to set privileges |
|---|---|---|
| ESXi 6.5, 6.0 | Global.Settings | Expand Global and select "Settings" |
| ESXi 6.5, 6.0 | Host.Config.Change settings | Expand Host > Configuration and select "Change settings" |
| ESXi 6.5, 6.0 | Authorization.ModifyPermissions | Expand Permissions and select "Modify permission" |
| ESXi 5.5, 5.0 | Global.Settings | Expand Global and select "Settings" |
| ESXi 5.5, 5.0 | Host.Config.Change settings | Expand Host > Configuration and select "Change settings" |

Scanning ESXi hosts using vCenter credentials

| Version | Privileges Needed | How to set privileges |
|---|---|---|
| All Versions | Global.Settings | Expand Global and select "Settings" |
| All Versions | Host.Config.Change settings | Expand Host > Configuration and select "Change settings" |
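
The role-creation steps above can also be scripted with VMware PowerCLI. This is an added example, not part of the original procedure: the server name and role name are placeholders, and `Host.Config.Settings` is assumed to be the privilege ID behind the Host > Configuration > "Change settings" entry in the tables. It clones Read-Only, adds the listed privileges, then checks that the role holds nothing beyond them.

```powershell
# Added example. Server name, role name and the privilege ID mapping are assumptions.
param(
    [string]$Server   = 'esxi01.example.test',  # placeholder ESXi host or vCenter
    [string]$RoleName = 'ScannerReadOnly',      # hypothetical name for the cloned role
    [switch]$DirectEsxi6                        # set for ESXi 6.5/6.0 scanned with ESXi credentials
)

Import-Module VMware.VimAutomation.Core
Connect-VIServer -Server $Server -ErrorAction Stop | Out-Null  # prompts for an administrator login

# Privileges from the tables above. Host.Config.Settings is assumed to be
# the ID of the "Change settings" entry under Host > Configuration.
$extraIds = @('Global.Settings', 'Host.Config.Settings')
if ($DirectEsxi6) { $extraIds += 'Authorization.ModifyPermissions' }

# The system-defined ReadOnly role cannot be edited, so copy its privileges
# into a new role (created only if it does not already exist).
$readOnly = Get-VIRole -Name 'ReadOnly'
$role = Get-VIRole -Name $RoleName -ErrorAction SilentlyContinue
if (-not $role) {
    $role = New-VIRole -Name $RoleName -Privilege (Get-VIPrivilege -Role $readOnly)
}
$role = Set-VIRole -Role $role -AddPrivilege (Get-VIPrivilege -Id $extraIds)

# Verify: the role should hold exactly ReadOnly plus the listed privileges.
# Anything missing breaks the scan; anything extra is privilege creep.
$expected = (@($readOnly.PrivilegeList) + $extraIds) | Sort-Object -Unique
$drift = Compare-Object -ReferenceObject $expected -DifferenceObject @($role.PrivilegeList)
if ($drift) {
    $drift | ForEach-Object {
        $state = if ($_.SideIndicator -eq '<=') { 'MISSING' } else { 'UNEXPECTED' }
        Write-Warning "$state privilege on ${RoleName}: $($_.InputObject)"
    }
} else {
    Write-Output "$RoleName holds exactly Read-Only plus: $($extraIds -join ', ')"
}

Disconnect-VIServer -Server $Server -Confirm:$false
```

Re-running the script against an existing role repeats only the verification and any missing additions, so it can double as a periodic drift check on the scanner role.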