Setting Permissions for ControlUp in VMware vCenter
To connect your vCenter server to ControlUp for monitoring purposes, it's highly recommended to create a dedicated user (Service Account) in Active Directory and assign it with privileges in vCenter that will be used only for this purpose.
In this article, we'll explain how and where to create the user and what permissions will be needed to perform tasks in the ControlUp Real-Time Console.
The first step is to create a user in your Active Directory. Example for username: CU_VMware
**If you already have a service account that you want to use with CU it's also possible. You DO NOT have to create a special user just for ControlUp.
2nd step - login to your vSphere Web Client and go to(>)
Hosts and Clusters and select the root folder (
) > Manage > Permissions > click on and add the user we've created. (CU_VMware)
**Make sure that the correct domain is selected when searching for CU_VMware.
** If you wish to exclude specific vSphere Clusters from ControlUp, you will need to change the permission on the root folder (
) to -No Access- role and then on each Cluster that you DO want to see in ControlUp, highlight the Cluster > Manage > Permissions > add the CU_VMware with Read-Only role (or a custom vCenter role that you created)
There are two kinds of roles that you can assign to the user. It can be either the built-in vCenter "Read-Only" role which will give you the ability to view ALL the virtual machines running on a specific vSphere cluster via ControlUp and the other role is a custom role that you create in vCenter Server and assign it with certain permissions to perform actions (as the image below)
** If you would like to know how to create a new custom vCenter role - click here
vCenter Server privileges required to utilize the ControlUp Console actions under “VM Power Management” are located in Virtual Machine > Interaction > Power Off \ Power On \ Reset (attached image for example.)
3rd step - go to VMs and Templates > Manage > Permissions and add CU_VMware with No Access permissions.
At this point, only clusters that you've allowed the user to view should be in the ControlUp Console.
if you're still not seeing VM's in your grid - confirm that "Show Agentless Managed VMs" is checked.
Note - if you're still not seeing VM's in your grid - confirm that "Show Agentless Managed VMs" is checked.