When you configure a vCenter Python Actions Adapter in vRealize Operations Manager, you configure credentials that are used to run the actions in vCenter Server. As a vRealize Operations Manager administrator, you must understand how the adapter credentials and user privileges interact to ensure that you configure adapters and users correctly.

Because vRealize Operations Manager supports local user accounts and vCenter Server authentication, you must take care with user permissions in vCenter Server and vRealize Operations Manager.

When you configure a vCenter Python Actions Adapter, you must provide vCenter Server credentials that have sufficient privileges to connect and make changes to objects on the vCenter Server. If the provided credentials have limited access to objects in vCenter Server, even vRealize Operations Manager administrative users can run actions only on the objects for which the vCenter Server credentials have permission. If the provided credentials have access to all the objects in vCenter Server, any vRealize Operations Manager user who runs actions is using this account.

You can control user access to actions for the local users based on how you configure user privileges in Access Control in vRealize Operations Manager. If users log in using their vCenter Server accounts, then how you have the account configured in vCenter Server determines their privileges.

For example, you might have a vCenter Server user with a read-only role in vCenter Server. If you give this user the vRealize Operations Power User role in vCenter Server rather than a more restrictive role, the user can run actions on objects because the adapter is configured with credentials that have privileges to change objects.

To avoid this type of unexpected result, configure local vRealize Operations Manager users and vCenter Server users with the privileges you want them to have in your environment.