---
title: "Managing granular rights on vSphere objects"
description: "Learn how to grant or remove user rights on specific objects in your Hosted Private Cloud vSphere inventory"
url: https://docs.ovhcloud.com/en/guides/hosted-private-cloud/powered-by-vmware/vsphere-granular-rights
lang: en
lastUpdated: 2025-10-06
---
# Managing granular rights on vSphere objects

## Objective

In addition to global datacenter rights, you can assign granular rights to users on specific objects in your Hosted Private Cloud vSphere inventory (for example, a VM or datastore). This guide explains how to add and remove these rights through the OVHcloud API.


***

### OVHcloud Control Panel Access

- **Direct link:** [VMware vSphere](https://manager.eu.ovhcloud.com/#/dedicated/dedicated_cloud)
- **Navigation path:** <code className="action">Hosted Private Cloud</code> > <code className="action">Managed VMware vSphere</code> > Select your vSphere service

***


## Prerequisites

- A [Hosted Private Cloud service](https://www.ovhcloud.com/en-gb/hosted-private-cloud/vmware/) with vSphere version 6.5 or higher
- Access to the [OVHcloud API](https://eu.api.ovh.com/)
- A [user](/en/guides/hosted-private-cloud/powered-by-vmware/vsphere-interface-connexion.md) already created in your Hosted Private Cloud service

## Instructions

### Add rights to a vSphere object

1. Call the following API endpoint:

   <Api version="v1" section="/order" method="POST" route={"/dedicatedCloud/\\{serviceName\\}/user/\\{userId\\}/objectRight"} />2. Fill in the request body with the object and user you want to grant access to.

   You can choose whether or not to propagate the right to child objects, similar to vSphere native rights.

2. Confirm the request. A task of type `addUserObjectRight` is created and applied on the vSphere object.

   <img className="thumbnail" alt="Add object right" src="/images/hosted-private-cloud/powered-by-vmware/vsphere-granular-rights/add-object-right.png" loading="lazy" />

### Remove rights from a vSphere object

1. Call the following API endpoint:

   <Api version="v1" section="/domain" method="DELETE" route={"/dedicatedCloud/\\{serviceName\\}/user/\\{userId\\}/objectRight/\\{objectRightId\\}"} />2. Fill in the fields with the `objectRightId` corresponding to the right you want to remove.

2. Confirm the request. A task of type `removeUserObjectRight` is created and removes the user right from the vSphere object.

   <img className="thumbnail" alt="Remove object right" src="/images/hosted-private-cloud/powered-by-vmware/vsphere-granular-rights/remove-object-right.png" loading="lazy" />

### Viewing rights in the OVHcloud Control Panel

1. Open the <ManagerLink to="/">OVHcloud Control Panel</ManagerLink>. Click <code className="action">Hosted Private Cloud</code> in the top bar, then <code className="action">Managed VMware vSphere</code> in the left menu, and select your PCC service.

2. Go to the <code className="action">Users</code> tab. On the desired user row, open the <code className="action">…</code> menu and click <code className="action">View/Edit the rights for each DC</code>.

   <img className="thumbnail" alt="Users tab and actions menu" src="/images/hosted-private-cloud/powered-by-vmware/vsphere-granular-rights/users-actions-menu.png" loading="lazy" />

3. On the **Manage admin user rights by datacentre** page, locate the datacenter row. Click the <code className="action">…</code> menu (or <code className="action">Modify rights</code>) to edit the rights.

   <img className="thumbnail" alt="Manage rights by datacentre" src="/images/hosted-private-cloud/powered-by-vmware/vsphere-granular-rights/rights-by-datacentre.png" loading="lazy" />

4. In the **Editing rights** window, set the rights and confirm.

   <img className="thumbnail" alt="Editing rights modal" src="/images/hosted-private-cloud/powered-by-vmware/vsphere-granular-rights/edit-rights-modal.png" loading="lazy" />

#### Rights reference

**vSphere access** — global user rights on vSphere.

| Right      | Description                  |
| ---------- | ---------------------------- |
| Provider   | Reserved for OVHcloud admins |
| None       | No access                    |
| Read-only  | Read-only access             |
| Read/Write | Read and write access        |

**Access to the VM Network** — management rights over the public network section (“VM Network” in vSphere).

| Right     | Description                                     |
| --------- | ----------------------------------------------- |
| Provider  | Allows VMs to be configured on a public network |
| Operator  | Allows VMs to be configured on a public network |
| None      | No access                                       |
| Read-only | Read access only                                |

**Access to V(X)LANs / GENEVE** — management rights over the private network section (VXLAN/GENEVE for Hosted Private Cloud, VLAN for SDDC).

| Right         | Description                                                                                            |
| ------------- | ------------------------------------------------------------------------------------------------------ |
| Provider      | Allows VMs to be configured on a private network                                                       |
| Administrator | Allows port groups to be managed on the virtual switch (create, modify, delete). SDDC and Premier only |
| None          | No access                                                                                              |
| Read-only     | Read access only                                                                                       |

**Host and storage management** — when enabled, the user can add or delete hosts and storage via the OVHcloud plugin in the vSphere client.

## Go further

If you need training or technical assistance to implement our solutions, please contact your sales representative or click [this link](https://www.ovhcloud.com/en-gb/professional-services/) to get a quote and request a personalised analysis of your project from our Professional Services team.

Join our [community of users](https://community.ovhcloud.com/).