# Least Privilege Permissions vSphere CAPI User

1. Open a vSphere Client connection to the vCenter Server.
2. Select Home > Administration > Roles > Add Role.
3. Give the new role a name, then select these privileges:

   ```
   Datastore
     * Allocate space
   Network
     * Assign network
   Resource
     * Assign virtual machine to resource pool
   Virtual machine
     * Change Configuration
     * Add new disk
     * Add or remove device
     * Advanced configuration
     * Change CPU count
     * Change Memory
     * Change Settings
     * Reload from path
   Edit Inventory
     * Create from existing
     * Remove
   Interaction
     * Power off
     * Power on
   Provisioning
     * Clone template
     * Deploy template
   Session
     * ValidateSession
   ```

4. Add the permission at the highest level and set it to propagate.
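To check that the role stays least-privilege over time, the following added example (not part of the original page) compares a role's exported privilege IDs with the list above and reports missing and extra entries. The privilege IDs are the vSphere API names assumed to correspond to the display names on this page, and the input format (one ID per line) and the sample data are constructed; verify the IDs against your vCenter version.

```python
# Added example: audit a role's privileges against the least-privilege list above.
# Assumption: these API privilege IDs match the display names on this page.
BASELINE = {
    "Datastore.AllocateSpace",
    "Network.Assign",
    "Resource.AssignVMToPool",
    "VirtualMachine.Config.AddNewDisk",
    "VirtualMachine.Config.AddRemoveDevice",
    "VirtualMachine.Config.AdvancedConfig",
    "VirtualMachine.Config.CPUCount",
    "VirtualMachine.Config.Memory",
    "VirtualMachine.Config.Settings",
    "VirtualMachine.Config.ReloadFromPath",
    "VirtualMachine.Inventory.CreateFromExisting",
    "VirtualMachine.Inventory.Delete",
    "VirtualMachine.Interact.PowerOff",
    "VirtualMachine.Interact.PowerOn",
    "VirtualMachine.Provisioning.CloneTemplate",
    "VirtualMachine.Provisioning.DeployTemplate",
    "Sessions.ValidateSession",
}
# vCenter includes these in every custom role, so they are not drift.
IMPLICIT = {"System.Anonymous", "System.Read", "System.View"}


def audit_role(privilege_lines):
    """Return (missing, extra) privilege IDs, each as a sorted list."""
    actual = {ln.strip() for ln in privilege_lines.splitlines() if ln.strip()}
    actual -= IMPLICIT
    return sorted(BASELINE - actual), sorted(actual - BASELINE)


# Constructed sample: a role that lost one privilege and gained two others.
SAMPLE = "\n".join(sorted(
    (BASELINE - {"Sessions.ValidateSession"})
    | {"Datastore.FileManagement", "VirtualMachine.Interact.ConsoleInteract"}
    | IMPLICIT
))

if __name__ == "__main__":
    missing, extra = audit_role(SAMPLE)
    for priv in missing:
        print(f"MISSING (CAPI operations may fail): {priv}")
    for priv in extra:
        print(f"EXTRA (beyond least privilege):    {priv}")
    raise SystemExit(1 if missing or extra else 0)
```

The non-zero exit code on any difference lets the check run as a scheduled job or pipeline gate.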