Below are the minimum required vCenter User Account Permissions for an Avamar account in order to setup image level backups. EMC recommends as a best practice to setup a separate account for Avamar to use during the image-level backups. This is to assist with troubleshooting any problems with backups and to also help maintain a secure vCenter environment. In high-security environments, you can restrict the vCenter user account permissions required to configure and administer the Avamar VMware image backup and restore feature to all of the following:
Datastore >
• Allocate Space
• Browse datastore
• Low level file operations
• Move datastore
• Remove datastore
• Remove file
• Rename datastore
Folder >
• Create Folder
Global >
• Cancel task
• Log event
• Settings
Network >
• Assign network
• Configure
Resource >
• Assign virtual machine to resource pool
Sessions >
• Validate session
Tasks >
• Create task
• Update task
Virtual machine > Configuration >
• Add existing disk
• Add new disk
• Add or Remove device
• Advanced
• Change CPU count
• Change Resource
• Disk change Tracking
• Disk Lease
• Host USB device
• Memory
• Modify device setting
• Raw device
• Reload from path
• Remove disk
• Rename
• Reset guest information
• Settings
• Swapfile placement
• Upgrade virtual hardware
• Extend Virtual disk
Virtual machine > Interaction >
• Power Off
• Power On
• Reset
Virtual machine > Inventory >
• Create new
• Register
• Remove
• Unregister
Virtual machine > Provisioning >
• Allow read-only disk access
• Allow virtual machine download
• Mark as Template
Virtual machine > State
• Create snapshot
• Remove Snapshot
• Revert to snapshot
Categories
Minimum Required vCenter User Account Permissions for Avamar User
Here are the minimum required vCenter User Account Permissions for an Avamar account in order to setup image level backups according to EMC best practices.