By using this recommended method, available with vCenter Server 5.x, the vCenter Server database administrator can set permissions for vCenter Server users and administrators to be granted through Microsoft SQL Server database roles.

VMware recommends this method because it removes the requirement to set up the database dbo schema and db_owner role for vCenter Server users who install and upgrade vCenter Server.

Alternatively, you can assign vCenter Server database permissions by creating and assigning the db_owner role and letting the vCenter Server installer create the default schema that assigns database user permissions to that role. See Set Database Permissions by Using the dbo Schema and the db_owner Database Role.

Create the vCenter Server database. See Create a SQL Server Database and User for vCenter Server.

1. Create the database VCDB and the database schema VMW in VCDB.
2. Assign the default schema VMW to the user [vpxuser].
3. In the vCenter Server database, create the user role VC_ADMIN_ROLE.
4. In the vCenter Server database, grant privileges to the VC_ADMIN_ROLE.
   a. Grant the schema permissions ALTER, REFERENCES, and INSERT.
   b. Grant the permissions CREATE TABLE, VIEW, and CREATE PROCEDURES.
5. In the vCenter Server database, create the VC_USER_ROLE.
6. In the vCenter Server database, grant the schema permissions SELECT, INSERT, DELETE, UPDATE, and EXECUTE to the VC_USER_ROLE.
7. Grant the VC_USER_ROLE to the user [vpxuser].
8. Grant the VC_ADMIN_ROLE to the user [vpxuser].
9. In the MSDB database, create the user [vpxuser].
10. In the MSDB database, create the user role VC_ADMIN_ROLE.
11. Grant privileges to the VC_ADMIN_ROLE in MSDB.
    a. On the MSDB tables syscategories, sysjobsteps, and sysjobs, grant the SELECT permission to the user [vpxuser].
    b. On the MSDB stored procedures sp_add_job, sp_delete_job, sp_add_jobstep, sp_update_job, sp_add_jobserver, sp_add_jobschedule, and sp_add_category, grant the EXECUTE permission to the role VC_ADMIN_ROLE.
12. In the MSDB database, grant the VC_ADMIN_ROLE to the user [vpxuser].
13. Connect to the vCenter Server database as user [vpxuser] and create the ODBC DSN.
14. Install vCenter Server.
15. Revoke the VC_ADMIN_ROLE from the user [vpxuser] in the vCenter Server database.

After you revoke the role, you can leave the role as inactive for use in future upgrades, or remove the role for increased security. If you remove the role, you must recreate the role and assign it to the user [vpxuser] before any future upgrade of vCenter Server.

The hardcoded dbo role is removed from VCDB_mssql.sql.
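
The database-side steps of the procedure (1 to 12, then 15 with a membership check) written out as T-SQL. This is an added example, not VMware's own script. It assumes the login [vpxuser] and its user in VCDB already exist from the prerequisite, uses sp_addrolemember and sp_droprolemember for role membership, and maps the page's "VIEW" and "CREATE PROCEDURES" to the T-SQL permissions CREATE VIEW and CREATE PROCEDURE.

```sql
-- Assumption: database VCDB, login [vpxuser] and user [vpxuser] in VCDB already exist.
USE VCDB;
GO
CREATE SCHEMA VMW;                                                    -- step 1
GO
ALTER USER [vpxuser] WITH DEFAULT_SCHEMA = VMW;                       -- step 2
CREATE ROLE VC_ADMIN_ROLE;                                            -- step 3
GRANT ALTER, REFERENCES, INSERT ON SCHEMA::VMW TO VC_ADMIN_ROLE;      -- step 4a
GRANT CREATE TABLE, CREATE VIEW, CREATE PROCEDURE TO VC_ADMIN_ROLE;   -- step 4b
CREATE ROLE VC_USER_ROLE;                                             -- step 5
GRANT SELECT, INSERT, DELETE, UPDATE, EXECUTE
    ON SCHEMA::VMW TO VC_USER_ROLE;                                   -- step 6
EXEC sp_addrolemember 'VC_USER_ROLE', 'vpxuser';                      -- step 7
EXEC sp_addrolemember 'VC_ADMIN_ROLE', 'vpxuser';                     -- step 8
GO

USE msdb;
GO
CREATE USER [vpxuser] FOR LOGIN [vpxuser];                            -- step 9
CREATE ROLE VC_ADMIN_ROLE;                                            -- step 10
-- Step 11a, as the page words it: SELECT goes to the user, not the role.
GRANT SELECT ON dbo.syscategories TO [vpxuser];
GRANT SELECT ON dbo.sysjobsteps   TO [vpxuser];
GRANT SELECT ON dbo.sysjobs       TO [vpxuser];
-- Step 11b: job-management procedures are reachable only through the role.
GRANT EXECUTE ON dbo.sp_add_job         TO VC_ADMIN_ROLE;
GRANT EXECUTE ON dbo.sp_delete_job      TO VC_ADMIN_ROLE;
GRANT EXECUTE ON dbo.sp_add_jobstep     TO VC_ADMIN_ROLE;
GRANT EXECUTE ON dbo.sp_update_job      TO VC_ADMIN_ROLE;
GRANT EXECUTE ON dbo.sp_add_jobserver   TO VC_ADMIN_ROLE;
GRANT EXECUTE ON dbo.sp_add_jobschedule TO VC_ADMIN_ROLE;
GRANT EXECUTE ON dbo.sp_add_category    TO VC_ADMIN_ROLE;
EXEC sp_addrolemember 'VC_ADMIN_ROLE', 'vpxuser';                     -- step 12
GO

-- ---- Run separately, only after vCenter Server is installed (step 14) ----
USE VCDB;
GO
EXEC sp_droprolemember 'VC_ADMIN_ROLE', 'vpxuser';                    -- step 15
GO
-- Check: after step 15 this should list VC_USER_ROLE only for vpxuser.
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE m.name = 'vpxuser';
```

The final query is a quick audit that the schema-altering role is no longer held by the runtime account; rerun it after any upgrade for which VC_ADMIN_ROLE was temporarily granted again.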