vCenter permissions can be applied with high granularity, with each user being assigned a specific role with a wide range of permissions at each layer/object in the hierarchy.
The permissions required for the Jazz Platform on vCenter are based on the need to perform two main functions. The first is for the installer to be able to deploy the required Jazz virtual machines, and the second is for the Jazz Platform to be able to dynamically allocate disks to worker machines for resilience.
In general, it should be sufficient for most deployments to use an existing administrator role, or apply the permissions outlined in the Jazz Platform Deployment Guide at the root level. If higher granularity is required, we recommend following the required permissions outlined in this article under "Minimal set of vSphere roles/privileges required for dynamic volume provisioning without storage policy based volume placement."