Skip to main content

Service Account Configuration

The RiverMeadow platform utilizes the HPE Morpheus VM Essentials REST API to orchestrate the migration of workloads to the HVM hypervisor. The security best practice is to create a dedicated service account that will be used by the RiverMeadow Meadow migration appliance to interact with the REST API. This service account should be granted only the privileges that are required to ensure that it aligns with the security principle of least privilege.

User Account: A user account (local or identity provider) should be created in the HPE Morpheus VM Essentials platform with a secure password for use by the RiverMeadow migration appliance.

User Role: A user role should also be created to assign the required privileges to the user account. Privileges or permissions within HPE Morpheus VM Essentials and HPE Morpheus Enterprise are associated with a user role for assignment.

Role Privileges

The following privileges are required by the user role to migrate workloads using the RiverMeadow platform:

PrivilegeAccess Level
Backup SettingsFull
Environment SettingsFull
Provisioning SettingsFull
RolesFull
Service PlansRead
ClustersFull
ComputeFull
GroupsFull
NetworksRead
StorageRead
Virtual ImagesFull
Power ControlFull
ReconfigureFull
Reconfigure: Change PlanFull
Reconfigure: Disk AddFull
Reconfigure: Disk Change TypeFull
Reconfigure: Disk ModifyFull
Reconfigure: Disk RemoveFull
Reconfigure: Network AddFull
Reconfigure: Network ModifyFull
Reconfigure: Network RemoveFull
Retry/CancelFull
ActivityRead
DashboardRead
Import ImageFull
Instances: AddFull
Instances: CloneFull
Instances: DeleteFull
Instances: EditFull
Instances: ListFull
Instances: SettingsFull
Remote ConsoleUser
SnapshotsFull
Snapshots: Linked CloneFull
tip

The most current version of the required privileges is available in the RiverMeadow documentation: https://docs.rivermeadow.com/hpe-vme-required-privileges.