The VMware driver currently calls the SessionIsActive API, which requires the vCenter Sessions.ValidateSession permission. https://libvirt.org/git/?p=libvirt.git;a=blob;f=src/esx/esx_vi.c;h=af822b14cfc5ba93c9c2ab4dfa2cb72a23a74a1a;hb=HEAD#l2068 This causes a problem that you have to give this permission to any libvirt client accessing VMware, and you have to give it from the very top level of vCenter, all the way down through the Cluster, Folder, hypervisor levels. This has caused a bit of pushback from virt-v2v users who consider that the SessionIsActive API is an "admin" API which they don't want to give out to roles using v2v. Is calling SessionIsActive necessary? From my (very limited) understanding, it seems as if we might use 'SessionManager. currentSession' property instead, which doesn't require admin permissions. Actually the code [see link above] already does this when ctx->hasSessionIsActive is false, but that doesn't apply to modern vCenter. See also https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=5699034b65afd49d91dff13c46481bea545cbaac which doesn't really explain why this was added. Also, why is it even necessary to check if the session is active here? Shouldn't we just log in unconditionally? Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com libguestfs lets you edit virtual machines. Supports shell scripting, bindings from many languages. http://libguestfs.org -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list