https://community.netapp.com/t5/VMware-Solutions-Discussions/ONTAP-Tools-for-VMware-vSphere-service-account-permissions/m-p/453886#M10055 <P><a href="https://community.netapp.com/t5/user/viewprofilepage/user-id/12714">@ChanceBingen</a>&nbsp;- ty sir, appreciate it. We're going to try it out in our test/engineering labs</P> Wed, 10 Jul 2024 20:40:30 GMT prcpa8w3p 2024-07-10T20:40:30Z https://community.netapp.com/t5/VMware-Solutions-Discussions/ONTAP-Tools-for-VMware-vSphere-service-account-permissions/m-p/453266#M10037 <P>Setting up OTV using a service account and per our internal security team best practices, they won't allow us to give the service account administrator rights into vCenter.&nbsp;</P><P>&nbsp;</P><P>What are the granular permissions that we can grant to the service account that'll still allow us to both successfully install and manage OTV?</P><P>&nbsp;</P><P><U><STRONG>Configuration:&nbsp;</STRONG></U></P><P>vCenter: 8.0 Update 2</P><P>ONTAP: 9.13.1Px</P><P>OTV: 9.13P1</P> Tue, 18 Jun 2024 16:27:16 GMT https://community.netapp.com/t5/VMware-Solutions-Discussions/ONTAP-Tools-for-VMware-vSphere-service-account-permissions/m-p/453266#M10037 prcpa8w3p 2024-06-18T16:27:16Z https://community.netapp.com/t5/VMware-Solutions-Discussions/ONTAP-Tools-for-VMware-vSphere-service-account-permissions/m-p/453477#M10039 <P>Hi All - any update on this?</P> Tue, 25 Jun 2024 14:49:07 GMT https://community.netapp.com/t5/VMware-Solutions-Discussions/ONTAP-Tools-for-VMware-vSphere-service-account-permissions/m-p/453477#M10039 prcpa8w3p 2024-06-25T14:49:07Z https://community.netapp.com/t5/VMware-Solutions-Discussions/ONTAP-Tools-for-VMware-vSphere-service-account-permissions/m-p/453516#M10040 <P>I haven't tried, but according to this two key things you need are access to the&nbsp;<SPAN class="">ExtensionManager.registerExtension()</SPAN><SPAN>, updateExtension(), and I'm also guessing you will want to have access to the&nbsp;unregisterExtension() methods collectively.</SPAN></P><P><A href="https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-eam-developer-guide/GUID-2A14C632-F90E-42C9-A17F-2ED8BAD0C5B2.html" target="_blank" rel="noopener">Connect the extension to vCenter Server (vmware.com)</A></P><P><A href="https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-eam-developer-guide/GUID-E0F50391-5079-435F-ADA7-7E3311900234.html" target="_blank" rel="noopener">Unregister the extension from vCenter Server (vmware.com)</A></P><P>&nbsp;</P><P>When you register the plugin, it also creates roles so you need to have rights to do that too.</P><P>&nbsp;</P><P>When you actually use the product, it operates as the logged in user. So creating datastores and such are inherited from that.</P><P>&nbsp;</P><P>When I look in the vCenter GUI, I can see these. Give it a try and let us know how it goes.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="ChanceBingen_0-1719424324069.png" style="width: 711px;"><img src="https://community.netapp.com/t5/image/serverpage/image-id/28518i9E76D83A68603BBC/image-dimensions/711x546?v=v2" width="711" height="546" role="button" title="ChanceBingen_0-1719424324069.png" alt="ChanceBingen_0-1719424324069.png" /></span></P><P>&nbsp;</P> Wed, 26 Jun 2024 17:54:51 GMT https://community.netapp.com/t5/VMware-Solutions-Discussions/ONTAP-Tools-for-VMware-vSphere-service-account-permissions/m-p/453516#M10040 ChanceBingen 2024-06-26T17:54:51Z https://community.netapp.com/t5/VMware-Solutions-Discussions/ONTAP-Tools-for-VMware-vSphere-service-account-permissions/m-p/453517#M10041 <P>Also, this KB may do the trick too.&nbsp;<A href="https://kb.netapp.com/data-mgmt/OTV/SRA_Kbs/How_to_create_a_service_account_in_vCenter_for_only_allowing_VSC_SRM_Functions" target="_blank">How to create a service account in vCenter for only allowing VSC/SRM Functions - NetApp Knowledge Base</A></P> Wed, 26 Jun 2024 17:57:54 GMT https://community.netapp.com/t5/VMware-Solutions-Discussions/ONTAP-Tools-for-VMware-vSphere-service-account-permissions/m-p/453517#M10041 ChanceBingen 2024-06-26T17:57:54Z https://community.netapp.com/t5/VMware-Solutions-Discussions/ONTAP-Tools-for-VMware-vSphere-service-account-permissions/m-p/453874#M10053 <P><a href="https://community.netapp.com/t5/user/viewprofilepage/user-id/12714">@ChanceBingen</a>&nbsp; - thank you for looking into this. We keep coming across the following NetApp KBA which we don't currently have access to - is it possible for you to share the contents?</P><P><A href="https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/Virtual_Storage_Console_for_VMware_vSphere/How_to_configure_RBAC_for_Virtual_Storage_Console" target="_blank">https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/Virtual_Storage_Console_for_VMware_vSphere/How_to_configure_RBAC_for_Virtual_Storage_Console</A></P> Wed, 10 Jul 2024 15:28:24 GMT https://community.netapp.com/t5/VMware-Solutions-Discussions/ONTAP-Tools-for-VMware-vSphere-service-account-permissions/m-p/453874#M10053 prcpa8w3p 2024-07-10T15:28:24Z https://community.netapp.com/t5/VMware-Solutions-Discussions/ONTAP-Tools-for-VMware-vSphere-service-account-permissions/m-p/453882#M10054 <P>Looks like that KB has been archived and replaced with this one:&nbsp;<A href="https://kb.netapp.com/data-mgmt/OTV/VSC_Kbs/VSC_VASA_and_SRA_ONTAP_RBAC_Configuration" target="_blank">ONTAP Tools for VMware vSphere: RBAC Configuration - NetApp Knowledge Base</A></P> Wed, 10 Jul 2024 17:49:23 GMT https://community.netapp.com/t5/VMware-Solutions-Discussions/ONTAP-Tools-for-VMware-vSphere-service-account-permissions/m-p/453882#M10054 ChanceBingen 2024-07-10T17:49:23Z https://community.netapp.com/t5/VMware-Solutions-Discussions/ONTAP-Tools-for-VMware-vSphere-service-account-permissions/m-p/453886#M10055 <P><a href="https://community.netapp.com/t5/user/viewprofilepage/user-id/12714">@ChanceBingen</a>&nbsp;- ty sir, appreciate it. We're going to try it out in our test/engineering labs</P> Wed, 10 Jul 2024 20:40:30 GMT https://community.netapp.com/t5/VMware-Solutions-Discussions/ONTAP-Tools-for-VMware-vSphere-service-account-permissions/m-p/453886#M10055 prcpa8w3p 2024-07-10T20:40:30Z