Below are the minimum required vCenter User Account Permissions for an Avamar account in order to setup image level backups. EMC recommends as a best practice to setup a separate account for Avamar to use during the image-level backups. This is to assist with troubleshooting any problems with backups and to also help maintain a secure vCenter environment. In high-security environments, you can restrict the vCenter user account permissions required to configure and administer the Avamar VMware image backup and restore feature to all of the following:




Datastore >

• Allocate Space

• Browse datastore

• Low level file operations

• Move datastore

• Remove datastore

• Remove file

• Rename datastore

Folder >

• Create Folder

Global >

• Cancel task

• Log event

• Settings

Network >

• Assign network

• Configure

Resource >

• Assign virtual machine to resource pool

Sessions >

• Validate session

Tasks >

• Create task

• Update task

Virtual machine > Configuration >

• Add existing disk

• Add new disk

• Add or Remove device

• Advanced

• Change CPU count

• Change Resource

• Disk change Tracking

• Disk Lease

• Host USB device

• Memory

• Modify device setting

• Raw device

• Reload from path

• Remove disk

• Rename

• Reset guest information

• Settings

• Swapfile placement

• Upgrade virtual hardware

• Extend Virtual disk

Virtual machine > Interaction >

• Power Off

• Power On

• Reset

Virtual machine > Inventory >

• Create new

• Register

• Remove

• Unregister

Virtual machine > Provisioning >

• Allow read-only disk access

• Allow virtual machine download

• Mark as Template

Virtual machine > State

• Create snapshot

• Remove Snapshot

• Revert to snapshot