If you wish to assign permissions to a user account in vCenter specifically for VM Backup, you need to configure the correct privileges for backup and restore operations to take place successfully. The following permissions apply to vCenter 5.0 and later, with a notable difference in the below table for vCenter 5.1 and later.
To create an account and assign the permissions, you can follow these steps:
- Go to [Administration] > [Roles]
- Click on [Add Role]
- Enter a name for the role, such as VM Backup
- Assign the following permissions to this account:
Section
|
Privileges
|
Cryptographic operations
|
|
dvPort Group
|
|
Datastore
|
•
|
Allocate space
|
•
|
Browse Datastore
|
•
|
Configure Datastore
|
•
|
Low level file operations
|
|
Extension
|
•
|
Register extension
|
•
|
Unregister extension
|
|
Folder
|
•
|
Create folder
|
•
|
Delete folder
|
|
Global
|
•
|
Log event
|
•
|
Manage custom attributes
|
•
|
Set custom attribute
|
•
|
Settings
|
|
Host Configuration
|
•
|
Storage partition configuration
|
|
Host Inventory
|
|
Host Local Operations
|
|
vSphere Tagging
|
•
|
Assign or Unassign vSphere Tag
|
|
Network
|
•
|
Assign network
|
•
|
Configure
|
|
Resource
|
•
|
Assign vApp to resource pool
|
•
|
Assign virtual machine to resource pool
|
•
|
Create resource pool
|
•
|
Migrate powered off virtual machine
|
•
|
Migrate powered on virtual machine
|
• |
Remove resource pool
|
|
Tasks
|
|
Datastore cluster
|
•
|
Configure a datastore cluster
|
|
Profile-driven storage
|
•
|
Profile-drive storage update
|
• |
Profile-driven storage view |
|
vApp
|
•
|
Import
|
• |
Add virtual machine |
• |
Assign resource pool |
• |
Unregister |
|
Virtual Machine Configuration
|
•
|
Select all privileges in this section
|
|
Guest operations
|
•
|
Guest operation modifications
|
• |
Guest operation program execution |
• |
Guest operation queries |
|
Virtual Machine Interaction
|
•
|
Configure floppy media
|
• |
Console interaction |
•
|
Connect devices
|
•
|
Guest Operating System Management by VIX API
|
•
|
VMware Tools Install
|
• |
Suspend |
|
Virtual Machine Edit Inventory
|
|
Virtual Machine Provisioning
|
•
|
Allow read-only disk access
|
|
Virtual Machine Snapshot management
|
•
|
Remove snapshot
|
• |
Rename snapshot |
|
- Go back to the [Hosts and Clusters] view
- Click on the top-level vCenter and go to the [Permissions] tab
- Add the specific user account you're looking to use, then assign the newly created User Role
-
Ensure that the vCenter is added from VM Backup using this user account