Paul B1
1 Copper

WSMAN ESXi 5.1 least privilege

In ESXi 5.1, all of the online instructions I can find indicate that the root user has to be used to poll wsman in OpenManage Essentials. Why does monitoring require maximum privileges? Does anyone have a custom role in vCenter that can accommodate everything that wsman would need?

0 Kudos
2 Replies

Re: WSMAN ESXi 5.1 least privilege


Thanks for your post. OME currently only supports the root account for WS-MAN communication with ESXi servers. We'll let marketing know about the ask and can look into supporting a read-only account for future releases.

As a workaround, you can use the mechanism suggested in the thread below:



0 Kudos
1 Copper

RE: WSMAN ESXi 5.1 least privilege

Any updates on this? I'm rolling it out and I'd really like to not use an account with root privileges. I tried the setup in the post you linked, but in my 5.5 environment I don't have a root group and a read-only permission seems to produce an 'unknown' health status. If I change my ws-man configuration to the root account the health status changes to 'Healthy'.

0 Kudos