This is an archive version of the document. To get the most up-to-date information, see the current version.

(POST) /security/accounts

In this article

Adds a user or a group account having a specific security role to Veeam Backup Enterprise Manager.

Request

To add an account with a specific security role to Veeam Backup Enterprise Manager, you need to send the POST HTTP request to the URL of the /security/accounts resource.

HTTP Request

POST http://<Enterprise-Manager>:9399/api/security/accounts

Request Header

The request contains the following headers:

Header	Required	Description
X-RestSvcSessionId	True	The request requires authorization. In the header, the client must send a session ID copied from the server reply to the request creating a new logon session. To learn more, see Authentication and Security.

Request Body

In the request body, the client must send the parameters for the account that should be added to Veeam Backup Enterprise Manager and the ID of the role that should be assigned to the account. The body of the request must conform to the XML Schema Definition of Veeam Backup Enterprise Manager RESTful API.

The request body must contain the following elements:

Element	Type	Description	Modifiable	Min/Max Occurrence
AccountType	AccountTypeEnumeration	Type of account added to Veeam Backup Enterprise Manager. Possible values: User Group	No	1/1
AccountName	String	Name of the account added to Veeam Backup Enterprise Manager, for example: VEEAM\Administrator.	Yes	1/1
Roles	URN	ID of the role assigned to the added account. To get a list of IDs for available roles, send the GET HTTP request to the /security/roles resource.	No	1/1
AllowRestoreAllVms	Boolean	Defines whether the account must have permissions to restore all VMs or not. If this parameter is set to False, the client must provide the restore scope in the HierarchyScopeObjects element.	No	1/1
HierarchyScopeObjects	HierarchyScopeCreateSpecType	Restore scope assigned to the added account. To learn more, see Hierarchy Scope Settings.	No	0/1
FlrSettings	FileRestoreSettingsInfoType	File-level restore restrictions assigned to the added account. To learn more, see File-Level Restore Settings. This option is supported starting from Veeam Backup & Replication 9.0 Update 1.	No	0/1

For example:

<?xml version="1.0" encoding="utf-8"?>
<EnterpriseAccountCreateSpec xmlns="http://www.veeam.com/ent/v1.0" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<AccountType>User</AccountType>
<AccountName>DOMAIN\username</AccountName>
<Roles>
<EnterpriseRole>
<EnterpriseRoleUid>urn:veeam:EnterpriseRole:f84a8b62-49b8-4d0c-b25b-92321b52bab6</EnterpriseRoleUid>
</EnterpriseRole>
</Roles>
<AllowRestoreAllVms>false</AllowRestoreAllVms>
<HierarchyScopeObjects>
<HierarchyScopeItem>
<HierarchyObjRef/>
<ObjectName/>
</HierarchyScopeItem>
</HierarchyScopeObjects>
</EnterpriseAccountCreateSpec>

Hierarchy Scope Settings

Hierarchy scope settings are provided in the following format:

<HierarchyScopeObjects>
<HierarchyScopeItem>
<HierarchyObjRef>urn:VMware:Vm:a2b0c55d-829a-4efe-bd95-125ee77ba9dd.vm-7870</HierarchyObjRef>
<ObjectName>VM01</ObjectName>
</HierarchyScopeItem>
</HierarchyScopeObjects>

You can define the following hierarchy scope settings for the added account:

Element	Type	Description	Modifiable	Min/Max Occurrence
HierarchyObjRef	HierarchyObjRefType	Reference to the object in the virtual infrastructure hierarchy. You can construct the reference manually or use the lookup service to retrieve the reference.	Yes	0/1
ObjectName	String	Name of the object in the virtual infrastructure hierarchy, for example: VM01.	Yes	0/1

File-Level Restore Settings

File-level restore settings are provided in the following format:

You can define the following file-level restore settings for the added account:

Element	Type	Description	Modifiable	Min/Max Occurrence
FlrInplaceOnly	Boolean	Defines whether the account must have permissions to restore only files with specific filename extensions or not. If this parameter is set to True, the client must provide filename extensions for files that are permitted for restore in the FlrExtentionRestrictions element.	Yes	1/1
FlrExtentionRestrictions	String	Filename extensions for files that are permitted for restore separated by ',' (comma), for example: doc,pptx,pdf.	Yes	0/1

(POST) /security/accounts Note:

You cannot edit file-level restore settings for the created account. To change file-level restore settings for the account, remove the account and create the account with necessary file-level restore settings.

Query Parameters

None.

Response

The server returns the following response to the client.

Response Codes

A successfully completed operation returns response code 201 Created.

Response Headers

The response to this request contains the following headers. The response may also include additional standard HTTP headers.

Header	Description
Content-length	The length of the response body.
Content-type	The media type and syntax of the request body message: application/xml.

Response Body

None.

Example

The example below adds the User account to Veeam Backup Enterprise Manager and assigns the Restore Operator role to it:

Request:

POST http://localhost:9399/api/security/accounts

Request Header:

X-RestSvcSessionId NDRjZmJkYmUtNWE5NS00MTU2LTg4NjctOTFmMDY5YjdjMmNj

Request Body:

<?xml version="1.0" encoding="utf-8"?>
<EnterpriseAccountCreateSpec xmlns="http://www.veeam.com/ent/v1.0" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<AccountType>User</AccountType>
<AccountName>VEEAM\User</AccountName>
<Roles>
<EnterpriseRole>
<EnterpriseRoleUid>urn:veeam:EnterpriseRole:f84a8b62-49b8-4d0c-b25b-92321b52bab6</EnterpriseRoleUid>
</EnterpriseRole>
</Roles>
<AllowRestoreAllVms>true</AllowRestoreAllVms>
</EnterpriseAccountCreateSpec>

Response:

201 Created

Response Body:

None