At work, one of our vSphere datacenters has a relatively static VM count maintained by a single group operating under the vCenter Administrator role. Recently, another group has joined this datacenter and will need to provision 60+ VMs, then hand over the VMs to us for ongoing maintenance and occasional provisioning of 1-2 VMs at a time. We do not want to make these users Administrators, nor do we want to provision 60+ VMs. To make this work, these new users need more rights than the VM Power User role during initial provisioning; some rights will be taken back when they move to maintenance mode. vCenter doesn’t provide any roles that match either need, so I had to create one that had all the correct permissions.
As the built-in roles do not provide the proper permissions, some trial and error was required to determine the correct combination of permissions for our situation. I do not expect that these permissions fit everyone’s needs. Please take the time to test and ensure whatever settings you do choose hit the right balance between your user’s needs and security considerations.