VMware vSphere

Hi,

My organisation writes monitoring software and we're creating a plugin to support vCenter.  Can someone please tell me what the minimum set of permissions are for a read-only API user?  It would appear the read-only role does not have API access.  Any help would be greatly appreciated.

Cheers

There are no special permissions for API access in vCenter. The role and therefore permissions assigned to a given user in vCenter also take effect in the API. They aren't two separate considerations.

Thanks for your reply.  My question was really asking what the minimum set of permissions were for a read-only API user.  As you indicated, if I can get it to work in the the GUI API Explorer, it should work via the Python SDK, PowerShell, etc.  My issue was that I could not get sections of the API to work with my read-only user.  Adding my user to the Administrator group worked but I don't want my "monitoring" users to be an admin.  After a lot trial and error - it turns out I need to add my user to the SystemConfiguration.Administrator role.  This is still not ideal (in fact it sucks) but at least it works and is not a full-blown admin!

If there is a better way to achieve read-only API access, or if there are any plans to change this in the future, it would be great to know.  If nothing else, it would be useful to explain to our customers why our monitoring user requires admin privileges and where we should redirect their queries.