Environment is vSphere 6.7, three hosts in a cluster, and AD authentication enabled for the HTML5 client.
Problem: Assign an AD group with limited permissions to allow management of: power, console access, and deploy from a template into a specific datastore.
I've spent several hours searching the documentation, and the examples I've found refer to Role permissions that do not correlate to the administration within the UI for vSphere -> Access Control -> Roles. For example, from the VMware docs site for 6.7:
You must have the following privileges to clone a virtual machine:
Virtual machine.Provisioning.Clone virtual machine on the virtual machine you are cloning.
Virtual machine.Inventory.Create from existing on the datacenter or virtual machine folder.
Virtual machine.Configuration.Add new disk on the datacenter or virtual machine folder.
Resource.Assign virtual machine to resource pool on the destination host, cluster, or resource pool.
Datastore.Allocate space on the destination datastore or datastore folder.
Network.Assign network on the network to which the virtual machine will be assigned.
Virtual machine.Provisioning.Customize on the virtual machine or virtual machine folder if you are customizing the guest operating system.
Virtual machine.Provisioning.Read customization specifications on the root vCenter Server if you are customizing the guest operating system.
These are not anywhere that I can find in the Roles section to apply, and all of the permissions assigned to the roles are named differently. Web search results are polluted with a lot of examples that just aren't accurate.
Thanks!