Read Accounts for Data Sources

Without read access to the data sources you wish to inventory, vScope won’t discover any information from them. That is why you need to define Credentials in Discovery Manager. You can either use an existing account or create a new specific read account for vScope.

In it’s core, a vScope inventory can only pull information and cannot make any changes whatsoever in your data center. This is important to mention because when working with the Discovery Manager, it’s important to have access to accounts with read rights for the different data sources you wish to inventory. For example, a service with maximum read rights would work perfectly.

Account credentials for each data source


Read only role with full rights to read all resources and information. There’s an option to only view parts of the virtual infrastructure (for example an outsourced part) with the use of a so called “limited VMware read account“.

Hyper-V (WMI or VMM)

Read only-accounts with access to the entire virtual infrastructure.

Windows (WMI/WinRM)

Set up local user accounts with reading rights as per the following guide. For simplicity it is possible to use a domain admin account, but this isn’t something InfraSight Labs recommends.


You need an account with full read permissions and access to the SCCM SQL database (the SCCM host).

Linux & Unix (SSH)

User account with access to all Linux operative systems.

How vScope probes with SSH.

Web certificates (HTTP)

No user account needed for information about web certificates.

Databases (Oracle, MS SQL, MySQL)

LDAP and Active Directory

The same as for WMI, the account needs highest possible reading rights, and you can either create a local account or the non-recommended domain admin.

Azure AD / Office365

For Azure, you need to set up an API connection with vScope by creating an application with read permissions. See step-by-step instructions here.


vScope querys Veeam’s SQL database for information. Find out more here.

SAN (SMI-S or NetApp)

Depending on the vendor you may have to turn on “SMI-S” on the SAN. SMI-S is a standard protocol that most of the SAN vendors supports. You can find more information on how to turn on this protocol for the different vendors here.


Pull only account is sufficient.

Switches, printers, access points etc. (SNMP)

This “account” is a public string. Default is usually “Public”, but could have been changed by your organization at some point.

Read more.

More information?

You can also find more information about read accounts, targets and the Discovery Manager here.

Leave a Reply