Permissions

Depending on the scenario, the user accounts must have the permissions listed in the following subsections:

 

Permissions for Backup to Object Storage

If you plan to back up data to object storage, make sure that the user account that you use to connect to the object storage has the required permissions. The list of required permissions differs depending on the selected object storage:

Amazon S3 or S3 compatible

If you plan to back up data to the Amazon S3 or S3 compatible storage, make sure the user account that you plan to use has the following permissions:

Identity-based permission:

{
 "s3:ListAllMyBuckets"
}

Resource-based permissions:

{
 "s3:PutObject",
 "s3:GetObject",
 "s3:ListBucket",
 "s3:DeleteObject",
 "s3:GetBucketLocation",
 "s3:GetBucketVersioning",
 "s3:GetBucketObjectLockConfiguration"
}

TIP

For information about required permissions for Amazon S3 storage with immutability enabled, see the Using Object Storage Repositories section in the Veeam Backup & Replication User Guide.

Google Cloud Storage

If you plan to back up data to the Google Cloud storage, make sure the user account that you plan to use has the following permissions:

{
 "storage.buckets.get",
 "storage.buckets.list",
 "storage.objects.create",
 "storage.objects.delete",
 "storage.objects.get",
 "storage.objects.list"
}

Permissions for Guest Processing

To use guest processing, make sure to configure user accounts according to the requirements listed in this section.

Consider the following general requirements when choosing a user account:

Depending on the application you need to back up, the user must have the permissions listed in the table below:

Application

Required Permission

Microsoft SQL Server

To back up Microsoft SQL Server data, the user whose account you plan to use must be:

  • Local Administrator on the Veeam Agent computer.
  • System administrator (has the Sysadmin role) on the target Microsoft SQL Server.

If you need to provide minimal permissions, the user account must be assigned the following roles and permissions:

  • SQL Server instance-level role: public and dbcreator.
  • Database-level roles and roles for the model system database: db_backupoperator, db_denydatareader, public;
    for the master system database — db_backupoperator, db_datareader, public;
    for the msdb system database — db_backupoperator, db_datareader, public, db_datawriter.
  • Securables: view any definition, view server state, connect SQL.

Microsoft Active Directory

To back up Microsoft Active Directory data, the user account must be a member of the built-in Administrators group.

Microsoft Exchange

To back up Microsoft Exchange data, the user account must have the Local Administrator permissions in Microsoft Exchange.

Oracle

To back up Oracle data, the user account must be configured as follows:

  • The user account must be a member of both the Local Administrators group and the ORA_DBA group (if OS authentication is used).
  • The user account must be granted SYSDBA privileges.

Microsoft SharePoint

To back up Microsoft SharePoint server, the user account must have the Farm Administrator role.

To back up Microsoft SQL databases of the Microsoft SharePoint Server, the user account must have the same privileges as for the Microsoft SQL Server.