Below are the minimum required vCenter User Account Permissions for an Avamar account in order to setup image level backups. EMC recommends as a best practice to setup a separate account for Avamar to use during the image-level backups. This is to assist with troubleshooting any problems with backups and to also help maintain a secure vCenter environment. In high-security environments, you can restrict the vCenter user account permissions required to configure and administer the Avamar VMware image backup and restore feature to all of the following:
Datastore >
• Allocate Space
• Browse datastore
• Low level file operations
• Move datastore
• Remove datastore
• Remove file
• Rename datastore
Folder >
• Create Folder
Global >
• Cancel task
• Log event
• Settings
Network >
• Assign network
• Configure
Resource >
• Assign virtual machine to resource pool
Sessions >
• Validate session
Tasks >
• Create task
• Update task
Virtual machine > Configuration >
• Add existing disk
• Add new disk
• Add or Remove device
• Advanced
• Change CPU count
• Change Resource
• Disk change Tracking
• Disk Lease
• Host USB device
• Memory
• Modify device setting
• Raw device
• Reload from path
• Remove disk
• Rename
• Reset guest information
• Settings
• Swapfile placement
• Upgrade virtual hardware
• Extend Virtual disk
Virtual machine > Interaction >
• Power Off
• Power On
• Reset
Virtual machine > Inventory >
• Create new
• Register
• Remove
• Unregister
Virtual machine > Provisioning >
• Allow read-only disk access
• Allow virtual machine download
• Mark as Template
Virtual machine > State
• Create snapshot
• Remove Snapshot
• Revert to snapshot
Leave a Reply