added section on vCenter privileges

Change-Id: Ifdeba4bd4a20b547f876eb81fb882c58ff76a62c
pmenglund · Apr 12, 2012 · 8b19bc0 · 8b19bc0
1 parent b315aa9
commit 8b19bc0
Showing 1 changed file with 171 additions and 0 deletions.
diff --git a/bosh/documentation/documentation.md b/bosh/documentation/documentation.md
@@ -36,6 +36,177 @@ The IaaS interface plugins communicate through a Cloud Provider Interface (CPI)
 
 Please refer to the API documentation in these files for further explanation of the CPI primitives.
 
+### vCenter CPI ###
+
+If you want to create a role for the bosh user in vCenter, these are the privileges needed:
+
+* **Datastore**
+    * allocate space
+    * browse datastore
+    * low-level file operations
+    * remove file
+    * update virtual machine files
+* **Folder (ALL)**
+    * create folder
+    * delete folder
+    * move folder
+    * rename folder
+* **Global**
+    * cancel task
+    * diagnostics
+* **Host**
+    * **Configuration (ALL)**
+        * advanced settings
+        * authentication store
+        * change date & time settings
+        * change PCIPassthru settings
+        * change SNMP settings
+        * connection
+        * firmware
+        * hyperthreading
+        * maintenance
+        * memory configuration
+        * network configuration
+        * power
+        * query patch
+        * security profile and firewall
+        * storage partition configuration
+        * system management
+        * system resources
+        * virtual machine auto-start configuration
+    * **Inventory (ALL)**
+        * add host to cluster
+        * add stand-alone host
+        * create cluster
+        * modify cluster
+        * move cluster or stand-alone host
+        * move host
+        * remove cluster
+        * remove host
+        * rename cluster
+    * **Local Operations**
+        * create virtual machine
+        * delete virtual machine
+        * reconfigure vitrual machine
+* **Network**
+    * assign network
+* **Resource (ALL)**
+    * apply recommendation
+    * assign vApp to resource pool
+    * assign vitrual machine to resource pool
+    * create resource pool
+    * migrate
+    * modify resource pool
+    * move resource pool
+    * query vmotion
+    * relocate
+    * remove resource pool
+    * rename resouce pool
+* **Scheduled Task (ALL)**
+    * create tasks
+    * modify tasks
+    * remove tasks
+    * run task
+* **Sessions**
+    * view and stop sessions
+* **Tasks (ALL)**
+    * create tasks
+    * update tasks
+* **vApp (ALL)**
+    * add virtual machine
+    * assign resource pool
+    * assign vApp
+    * clone
+    * create
+    * delete
+    * export
+    * import
+    * move
+    * power off
+    * power on
+    * rename
+    * suspend
+    * unregister
+    * vApp application configuration
+    * vApp instance configruation
+    * vApp resouce configuration
+    * view OVF environment
+* **Virtual Machine (ALL)**
+    * **Configuration (ALL)**
+        * add existing disk
+        * add new disk
+        * add or remove device
+        * advanced
+        * change CPU count
+        * change resouce
+        * disk change tracking
+        * disk lease
+        * extend virtul disk
+        * host USB device
+        * memory
+        * modify device settings
+        * query fault tolerance compatability
+        * query unowned files
+        * raw device
+        * reload from path
+        * remove disk
+        * rename
+        * reset guest information
+        * settings
+        * swap file placement
+        * unlock virtual machine
+        * upgrade virtual hardware
+    * **Interaction (ALL)**
+        * acquire guest control ticket
+        * answer question
+        * backup operation on virtual machine
+        * configure CD media
+        * configure floppy media
+        * console interaction
+        * create screenshot
+        * defragment all disks
+        * device connection
+        * disable fault tolerance
+        * enable fault tolerance
+        * power off
+        * power on
+        * record session on virtual machine
+        * replay session on virtual machine
+        * reset
+        * suspend
+        * test failover
+        * test restart secondary VM
+        * turn off fault tolerance
+        * turn on fault tolerance
+        * VMware Tools install
+    * **Inventory (ALL)**
+        * create from existing
+        * create new
+        * move
+        * register
+        * remove
+        * unregister
+    * **Provisioning (ALL)**
+        * allow disk access
+        * allow read-only disk access
+        * allow virtual machine download
+        * allow virtual machine files upload
+        * clone template
+        * clone virtual machine
+        * create templace from virtual machine
+        * customize
+        * deploy template
+        * mark as template
+        * mark as virtual machine
+        * modify customization specification
+        * promote disks
+        * read customization specifications
+    * **State (ALL)**
+        * create snapshot
+        * remove snapshot
+        * rename snapshot
+        * revert to snapshot
+
 ## BOSH Director ##
 
 The Director is the core orchestrating component in BOSH which controls creation of VMs, deployment, and other life cycle events of software and services. Command and control is handed over to the the Director-Agent interaction after the CPI has created resources.