This section provides information on the account permissions required for installing/upgrading and using Veeam Backup Enterprise Manager and its components.
Veeam Backup Enterprise Manager
The account used to run the setup must have the local Administrator permissions on the target machine.
[Configuration database on PostgreSQL] The PostgreSQL account must be a superuser.
[Configuration database on Microsoft SQL Server] You require different sets of Microsoft SQL Server permissions in the following cases:
Veeam Backup Enterprise Manager service account
Use the Local System account as the Veeam Backup Enterprise Manager Service account. If you set another account to run this service, this account must have the following permissions:
To add Active Directory user or group accounts to the Veeam Backup Enterprise Manager roles, the Veeam Backup Enterprise Manager service must be started under the Active Directory service account that has permissions to enumerate Active Directory domains. Active Directory users have enough permissions to enumerate Active Directory domains by default. If you use the local machine account instead, you will get the "Cannot find user account DOMAIN\username" error.
Enterprise Manager user
To work with the Veeam Backup Enterprise Manager web UI, users must be assigned the Portal Administrator, Portal User, or Restore Operator role. For more information, see Configuring Accounts and Roles.
vSphere Client Plug-in for Veeam Backup & Replication (optional)
The account used to install the plug-in and the vCenter Server account must belong to the same Active Directory domain in case of cross-domain access.
The account used to install the plug-in must be assigned the following vCenter Server permissions:
vSphere Self-Service Backup Portal user
The account used to work with vSphere Self-Service Backup Portal must have interactive logon permissions on the Enterprise Manager server.