Permissions for VMware Server Auditing

Before you start creating a monitoring plan to audit your VMware hosts, plan for the account that will be used for data collection – it should meet the requirements listed below. Contact your virtual infrastructure administrator if necessary.

On the target VMware hosts:

To collect state-in-time data, and auditing SSO users, local users, and groups, the account must be included in the Administrators group for the vCenter SSO domain. (If you have assigned the Read-only role to that account, it should be removed.)
To collect activity data, the account must have at least Read-only role on the audited hosts.

See the following VMware article for additional information: Add Members to a vCenter Single Sign-On Group.

Then you will provide this account in the monitoring plan wizard — it will be used as default account to process all items (VMware servers) included in the monitoring plan. However, if you want to use specific settings for each of your VMware servers, you can provide custom account when configuring a corresponding monitored item.