vmware
diff --git a/‎.web-docs/components/builder/vsphere-clone/README.md‎
Lines changed: 69 additions & 53 deletions b/‎.web-docs/components/builder/vsphere-clone/README.md‎
Lines changed: 69 additions & 53 deletions
diff --git a/‎.web-docs/components/builder/vsphere-iso/README.md‎
Lines changed: 43 additions & 40 deletions b/‎.web-docs/components/builder/vsphere-iso/README.md‎
Lines changed: 43 additions & 40 deletions
@@ -1802,56 +1802,72 @@ JSON Example:
 
 ## Privileges
 
-- VM folder (this object and children):
-
-  ```text
-  Virtual machine > Inventory
-  Virtual machine > Configuration
-  Virtual machine > Interaction
-  Virtual machine > Snapshot management
-  Virtual machine > Provisioning
-  ```
-
-- Resource pool, host, or cluster (this object):
-
-  ```text
-  Resource -> Assign virtual machine to resource pool
-  ```
-
-- Host in clusters without DRS (this object):
-
-  ```text
-  Read-only
-  ```
-
-- Datastore (this object):
-
-  ```text
-  Datastore > Allocate space
-  Datastore > Browse datastore
-  Datastore > Low level file operations
-  ```
-
-- Network (this object):
-
-  ```text
-  Network > Assign network
-  ```
-
-- Distributed switch (this object):
-
-  ```text
-  Read-only
-  ```
-
-- Datacenter (this object):
-
-  ```text
-  Datastore > Low level file operations
-  ```
-
-- Host (this object):
-
-  ```text
-  Host > Configuration > System Management
-  ```
+It is recommended to create a custom vSphere role with the required privileges to integrate Packer
+with vSphere. Accounts or groups can be added to the role to ensure that Packer has least privilege
+access to the infrastructure.
+
+For example, a named service account (_e.g._ `svc-packer-vsphere@example.com`).
+
+Clone the default **Read-Only** vSphere role and add the following privileges:
+
+| Category                 | Privilege                                           | Reference                                          |
+| ------------------------ | --------------------------------------------------- | -------------------------------------------------- |
+| Content Library          | Add library item                                    | `ContentLibrary.AddLibraryItem`                    |
+| ...                      | Update library item                                 | `ContentLibrary.UpdateLibraryItem`                 |
+| Cryptographic Operations | Direct access                                       | `Cryptographer.Access`                             |
+| ...                      | Encrypt                                             | `Cryptographer.Encrypt`                            |
+| Datastore                | Allocate space                                      | `Datastore.AllocateSpace`                          |
+| ...                      | Browse datastore                                    | `Datastore.Browse`                                 |
+| ...                      | Low level file operations                           | `Datastore.FileManagement`                         |
+| Network                  | Assign network                                      | `Network.Assign`                                   |
+| Resource                 | Assign virtual machine to resource pool             | `Resource.AssignVMToPool`                          |
+| vApp                     | Export                                              | `vApp.Export`                                      |
+| Virtual Machine          | Configuration > Add new disk                        | `VirtualMachine.Config.AddNewDisk`                 |
+| ...                      | Configuration > Add or remove device                | `VirtualMachine.Config.AddRemoveDevice`            |
+| ...                      | Configuration > Advanced configuration              | `VirtualMachine.Config.AdvancedConfig`             |
+| ...                      | Configuration > Change CPU count                    | `VirtualMachine.Config.CPUCount`                   |
+| ...                      | Configuration > Change memory                       | `VirtualMachine.Config.Memory`                     |
+| ...                      | Configuration > Change settings                     | `VirtualMachine.Config.Settings`                   |
+| ...                      | Configuration > Change Resource                     | `VirtualMachine.Config.Resource`                   |
+| ...                      | Configuration > Set annotation                      | `VirtualMachine.Config.Annotation`                 |
+| ...                      | Edit Inventory > Create from existing               | `VirtualMachine.Inventory.CreateFromExisting`      |
+| ...                      | Edit Inventory > Remove                             | `VirtualMachine.Inventory.Delete`                  |
+| ...                      | Interaction > Configure CD media                    | `VirtualMachine.Interact.SetCDMedia`               |
+| ...                      | Interaction > Configure floppy media                | `VirtualMachine.Interact.SetFloppyMedia`           |
+| ...                      | Interaction > Connect devices                       | `VirtualMachine.Interact.DeviceConnection`         |
+| ...                      | Interaction > Inject USB HID scan codes             | `VirtualMachine.Interact.PutUsbScanCodes`          |
+| ...                      | Interaction > Power off                             | `VirtualMachine.Interact.PowerOff`                 |
+| ...                      | Interaction > Power on                              | `VirtualMachine.Interact.PowerOn`                  |
+| ...                      | Provisioning > Clone virtual machine                | `VirtualMachine.Provisioning.Clone`                |
+| ...                      | Provisioning > Create template from virtual machine | `VirtualMachine.Provisioning.CreateTemplateFromVM` |
+| ...                      | Provisioning > Customize guest                      | `VirtualMachine.Provisioning.Customize`            |
+| ...                      | Provisioning > Deploy template                      | `VirtualMachine.Provisioning.DeployTemplate`       |
+| ...                      | Provisioning > Mark as template                     | `VirtualMachine.Provisioning.MarkAsTemplate`       |
+| ...                      | Provisioning > Mark as virtual machine              | `VirtualMachine.Provisioning.MarkAsVM`             |
+| ...                      | Snapshot Management > Create snapshot               | `VirtualMachine.State.CreateSnapshot`              |
+
+Global permissions **[are required](https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/vsphere-security-8-0/vsphere-permissions-and-user-management-tasks/understanding-authorization-in-vsphere.html)** for the content library based on the hierarchical inheritance of permissions. Once the custom vSphere role is created, assign **Global Permissions** in vSphere to the accounts or groups used for the Packer to vSphere integration, if using the content library.
+
+For example:
+
+1. Log in to the vCenter at _https://<vcenter_fqdn>/ui_ as `administrator@vsphere.local`.
+2. Select **Menu** > **Administration**.
+3. In the left pane, select **Access control** > **Global permissions** and click the
+   **Add permissions** icon.
+4. In the **Add permissions** dialog box, enter the service account
+   (_e.g._ `svc-packer-vsphere@example.com`), select the custom role
+   (_e.g._ Packer to vSphere Integration Role) and the **Propagate to children** check box,
+   and click **OK**.
+
+In an environment with many vCenter instances, such as management and workload, in enhanced
+linked-mode, you may wish to further reduce the scope of access across the vSphere infrastructure if
+you do not want Packer to have access to the management vCenter instance, but only allow
+access to workload vCenter instances.
+
+For example:
+
+1. From the **Hosts and clusters** inventory, select management vCenter Server to restrict scope,
+   and click the **Permissions** tab.
+2. Select the service account with the custom role assigned and click the **Change role** icon.
+3. In the **Change role** dialog box, from the **Role** drop-down menu, select **No Access**, select
+   the **Propagate to children** check box, and click **OK**.
@@ -1680,7 +1680,7 @@ Only use the `host` option. Optionally, specify a `resource_pool`:
 HCL Example:
 
 ```hcl
-  host = ""esxi-01.example.com""
+  host = "esxi-01.example.com"
   resource_pool = "example_resource_pool"
 ```
 
@@ -1735,51 +1735,54 @@ access to the infrastructure.
 
 For example, a named service account (_e.g._ `svc-packer-vsphere@example.com`).
 
-Clone the default **Read-Only** vSphere role and add the following privileges, which are based on
-the capabilities of the `vsphere-iso` plugin:
-
-| Category        | Privilege                                           | Reference                                          |
-| --------------- | --------------------------------------------------- | -------------------------------------------------- |
-| Content Library | Add library item                                    | `ContentLibrary.AddLibraryItem`                    |
-| ...             | Update Library Item                                 | `ContentLibrary.UpdateLibraryItem`                 |
-| Datastore       | Allocate space                                      | `Datastore.AllocateSpace`                          |
-| ...             | Browse datastore                                    | `Datastore.Browse`                                 |
-| ...             | Low level file operations                           | `Datastore.FileManagement`                         |
-| Network         | Assign network                                      | `Network.Assign`                                   |
-| Resource        | Assign virtual machine to resource pool             | `Resource.AssignVMToPool`                          |
-| vApp            | Export                                              | `vApp.Export`                                      |
-| Virtual Machine | Configuration > Add new disk                        | `VirtualMachine.Config.AddNewDisk`                 |
-| ...             | Configuration > Add or remove device                | `VirtualMachine.Config.AddRemoveDevice`            |
-| ...             | Configuration > Advanced configuration              | `VirtualMachine.Config.AdvancedConfig`             |
-| ...             | Configuration > Change CPU count                    | `VirtualMachine.Config.CPUCount`                   |
-| ...             | Configuration > Change memory                       | `VirtualMachine.Config.Memory`                     |
-| ...             | Configuration > Change settings                     | `VirtualMachine.Config.Settings`                   |
-| ...             | Configuration > Change Resource                     | `VirtualMachine.Config.Resource`                   |
-| ...             | Configuration > Set annotation                      | `VirtualMachine.Config.Annotation`                 |
-| ...             | Edit Inventory > Create from existing               | `VirtualMachine.Inventory.CreateFromExisting`      |
-| ...             | Edit Inventory > Create new                         | `VirtualMachine.Inventory.Create`                  |
-| ...             | Edit Inventory > Remove                             | `VirtualMachine.Inventory.Delete`                  |
-| ...             | Interaction > Configure CD media                    | `VirtualMachine.Interact.SetCDMedia`               |
-| ...             | Interaction > Configure floppy media                | `VirtualMachine.Interact.SetFloppyMedia`           |
-| ...             | Interaction > Connect devices                       | `VirtualMachine.Interact.DeviceConnection`         |
-| ...             | Interaction > Inject USB HID scan codes             | `VirtualMachine.Interact.PutUsbScanCodes`          |
-| ...             | Interaction > Power off                             | `VirtualMachine.Interact.PowerOff`                 |
-| ...             | Interaction > Power on                              | `VirtualMachine.Interact.PowerOn`                  |
-| ...             | Provisioning > Create template from virtual machine | `VirtualMachine.Provisioning.CreateTemplateFromVM` |
-| ...             | Provisioning > Mark as template                     | `VirtualMachine.Provisioning.MarkAsTemplate`       |
-| ...             | Provisioning > Mark as virtual machine              | `VirtualMachine.Provisioning.MarkAsVM`             |
-| ...             | State > Create snapshot                             | `VirtualMachine.State.CreateSnapshot`              |
+Clone the default **Read-Only** vSphere role and add the following privileges:
+
+| Category                 | Privilege                                           | Reference                                          |
+| ------------------------ | --------------------------------------------------- | -------------------------------------------------- |
+| Content Library          | Add library item                                    | `ContentLibrary.AddLibraryItem`                    |
+| ...                      | Update library Item                                 | `ContentLibrary.UpdateLibraryItem`                 |
+| Cryptographic Operations | Direct access                                       | `Cryptographer.Access`                             |
+| ...                      | Encrypt                                             | `Cryptographer.Encrypt`                            |
+| Datastore                | Allocate space                                      | `Datastore.AllocateSpace`                          |
+| ...                      | Browse datastore                                    | `Datastore.Browse`                                 |
+| ...                      | Low level file operations                           | `Datastore.FileManagement`                         |
+| Network                  | Assign network                                      | `Network.Assign`                                   |
+| Resource                 | Assign virtual machine to resource pool             | `Resource.AssignVMToPool`                          |
+| vApp                     | Export                                              | `vApp.Export`                                      |
+| Virtual Machine          | Configuration > Add new disk                        | `VirtualMachine.Config.AddNewDisk`                 |
+| ...                      | Configuration > Add or remove device                | `VirtualMachine.Config.AddRemoveDevice`            |
+| ...                      | Configuration > Advanced configuration              | `VirtualMachine.Config.AdvancedConfig`             |
+| ...                      | Configuration > Change CPU count                    | `VirtualMachine.Config.CPUCount`                   |
+| ...                      | Configuration > Change memory                       | `VirtualMachine.Config.Memory`                     |
+| ...                      | Configuration > Change settings                     | `VirtualMachine.Config.Settings`                   |
+| ...                      | Configuration > Change Resource                     | `VirtualMachine.Config.Resource`                   |
+| ...                      | Configuration > Set annotation                      | `VirtualMachine.Config.Annotation`                 |
+| ...                      | Edit Inventory > Create from existing               | `VirtualMachine.Inventory.CreateFromExisting`      |
+| ...                      | Edit Inventory > Create new                         | `VirtualMachine.Inventory.Create`                  |
+| ...                      | Edit Inventory > Remove                             | `VirtualMachine.Inventory.Delete`                  |
+| ...                      | Interaction > Configure CD media                    | `VirtualMachine.Interact.SetCDMedia`               |
+| ...                      | Interaction > Configure floppy media                | `VirtualMachine.Interact.SetFloppyMedia`           |
+| ...                      | Interaction > Connect devices                       | `VirtualMachine.Interact.DeviceConnection`         |
+| ...                      | Interaction > Inject USB HID scan codes             | `VirtualMachine.Interact.PutUsbScanCodes`          |
+| ...                      | Interaction > Power off                             | `VirtualMachine.Interact.PowerOff`                 |
+| ...                      | Interaction > Power on                              | `VirtualMachine.Interact.PowerOn`                  |
+| ...                      | Provisioning > Create template from virtual machine | `VirtualMachine.Provisioning.CreateTemplateFromVM` |
+| ...                      | Provisioning > Mark as template                     | `VirtualMachine.Provisioning.MarkAsTemplate`       |
+| ...                      | Provisioning > Mark as virtual machine              | `VirtualMachine.Provisioning.MarkAsVM`             |
+| ...                      | Snapshot Management > Create snapshot               | `VirtualMachine.State.CreateSnapshot`              |
 
 Global permissions **[are required](https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/vsphere-security-8-0/vsphere-permissions-and-user-management-tasks/understanding-authorization-in-vsphere.html)** for the content library based on the hierarchical inheritance of permissions. Once the custom vSphere role is created, assign **Global Permissions** in vSphere to the accounts or groups used for the Packer to vSphere integration, if using the content library.
 
 For example:
 
-1. Log in to the vCenter Server at _https://<management_vcenter_server_fqdn>/ui_ as `administrator@vsphere.local`.
+1. Log in to the vCenter at _https://<vcenter_fqdn>/ui_ as `administrator@vsphere.local`.
 2. Select **Menu** > **Administration**.
-3. In the left pane, select **Access control** > **Global permissions** and click the **Add permissions** icon.
-4. In the **Add permissions** dialog box, enter the service account (_e.g._
-   `svc-packer-vsphere@example.com`), select the custom role (_e.g._ Packer to vSphere Integration
-   Role) and the **Propagate to children** check box, and click **OK**.
+3. In the left pane, select **Access control** > **Global permissions** and click the
+   **Add permissions** icon.
+4. In the **Add permissions** dialog box, enter the service account
+   (_e.g._ `svc-packer-vsphere@example.com`), select the custom role
+   (_e.g._ Packer to vSphere Integration Role) and the **Propagate to children** check box,
+   and click **OK**.
 
 In an environment with many vCenter instances, such as management and workload, in enhanced
 linked-mode, you may wish to further reduce the scope of access across the vSphere infrastructure if