Read Accounts for Data Sources

Without read access to the data sources you wish to inventory, vScope won’t discover any information from them. That is why you need to define Credentials in Discovery Manager. You can either use an existing account or create a new specific read account for vScope.

At its core, a vScope inventory can only pull information and cannot make any changes whatsoever in your data center. This is important to mention because when working with the Discovery Manager, it’s important to have access to accounts with read rights for the different data sources you wish to inventory. For example, a service with maximum read rights would work perfectly.

Account credentials for each data source


Read-only role with full rights to read all resources and information. There’s an option to only view parts of the virtual infrastructure (for example an outsourced part) with the use of a so-called “limited VMware read account“.

Hyper-V (WMI or VMM) and Windows (WMI/WinRM)

Set up user accounts with reading rights as per the following guide.


You need an account with full read permissions and access to the SCCM SQL database (the SCCM host).
Minimum Rights to Read SCCM

Linux & Unix (SSH)

User account with access to all Linux operative systems.

How vScope probes with SSH.

Web certificates (HTTP)

No user account is needed for information about web certificates.

Databases (Oracle, MS SQL, MySQL)

LDAP and Active Directory

The same as for WMI, the account needs highest possible reading rights, and you can either create a local account or the non-recommended domain admin.

Azure AD / Office365

For Azure, you need to set up an API connection with vScope by creating an application with read permissions. See step-by-step instructions here.


vScope querys Veeam’s SQL database for information. Find out more here.

SAN (SMI-S or NetApp)

Depending on the vendor you may have to turn on “SMI-S” on the SAN. SMI-S is a standard protocol that most of the SAN vendors supports. You can find more information on how to turn on this protocol for the different vendors here.


Pull only account is sufficient.

Switches, printers, access points etc. (SNMP)

This “account” is a public string. The default is usually “Public”, but could have been changed by your organization at some point.

Read more


User must have READ permissions to the Nutanix API, eg. Prism Viewer. Read more here.

More information?

You can also find more information about read accounts, targets, and the Discovery Manager here.

Leave a Reply