Accounts and Roles Overview

Accounts

Administrators can add accounts to Veeam Backup Enterprise Manager to grant users access to the website. Enterprise Manager offers the following account types: User, Group, External User and External Group.

Type	Description	How to Sign In	Name Format
User	Local or AD user	By specifying a user name and password	DOMAIN\Username Domain is optional
Group	Local or AD group	By specifying a user name and password	DOMAIN\Groupname Domain is optional
External User	IdP user	By using single sign-on*	Username@Suffix
External Group	IdP group	By using single sign-on*	Free-form string
vSphere Role	VMware vCenter Server role used to access the Remote vSphere Client plug-in	—	—

* For more information on the single sign-on capability, see SAML Authentication Support.

Roles

To provide an account with permissions, administrators assign one of the following roles to the account: Portal Administrator, Portal User or Restore Operator.

Role	How Is Assigned	Access to Configuration	Permissions
Portal Administrator	Initially by default to the users listed in the local Administrators group and the user who installed Enterprise Manager By Portal Administrator in Configuration > Roles	Yes	Full access to all available operations on all tabs of the web UI
Portal User	By Portal Administrator in Configuration > Roles	No	Access objects from the restore scope on the Machines and Files tabs Run Quick Backup for machines from the restore scope on the Machines tab Perform restore operations as permitted by the delegation settings View information about all backup servers and jobs on the Dashboard, Reports, Jobs and Policies tabs
Restore Operator	By Portal Administrator in Configuration > Roles	No	Access objects from the restore scope on the Machines and Files tabs Perform restore operations as permitted by the delegation settings

Users with the Portal User or Restore Operator role can access their restore scope — a list of objects that can be recovered by appropriate personnel. For example, the restore scope of database administrators is database servers (Microsoft SQL Server, Oracle or other), the restore scope of Exchange administrators is Exchange server machines, and so on. For more information on configuring restore scope, see Configuring Restore Scope.

Important

You can customize the restore scope if you have the Enterprise Plus edition of Veeam Backup & Replication. In other editions, this list includes all objects and cannot be customized. However, you can delegate recovery of entire machines, guest files, or selected file types. For more information, see Configuring Permissions for File and Application Item Restore.