Yesterday I received a question about the specific vSphere privilege that is required to view RESXTOP data on an ESXi host. The reason for this request was to create a restricted role for a group of users who only needed to have access to RESXTOP performance data. I did not know the answer off the top of my head, but it was a pretty easy to narrow down the specific privilege with a quick test in my lab.
Through the process of elimination, it turns out you just need the Global.Service managers privilege to view only RESXTOP data. It may not seem intuitive, but the Service Manager is responsible for providing vSphere API access to both RESXTOP as well as vScsiStats interfaces which I have written about here.
In my lab, I created a new role called resxtop and then associated the role with the user(s) within the vSphere inventory. You can centrally manage this using vCenter Server or you can do this directly on an ESXi host, but you will need to ensure the role is create on each and every single ESXi host along with it's user association.
[…] found a good article from William Lam regarding this esxtop and user […]