Veeam Backup & Replication 10
Veeam Backup Enterprise Manager Guide
Related documents

Required Permissions

This section provides information on the account permissions required for installing/upgrading and using Veeam Backup Enterprise Manager and its components.

Veeam Backup Enterprise Manager

Account

Required Permission

Account used to run the setup

The account used for product installation must have the local Administrator permissions on the target machine.

To create a new Veeam Backup Enterprise Manager database during the setup process, the account must have the CREATE ANY DATABASE permission on the SQL Server level. After the database is created, this account automatically gets a db_owner role and can perform all operations with the database.

Note: If a database is created in advance (by a database administrator or SQL Server administrator), the setup account must have the db_owner role for the database.

To upgrade an existing Enterprise Manager database, the account must have the db_owner role.

Veeam Backup Enterprise Manager service account

It is recommended to use the Local System account as the Veeam Backup Enterprise Manager Service account. If you set another account to run this service, this account must have the following permissions:

  • Local Administrator permissions on the Veeam Backup Enterprise Manager server.
  • Log on as service right (granted automatically to the Veeam Backup Enterprise Manager Service account).
  • Db_datareader and db_datawriter roles, as well as permissions to execute stored procedures for the Enterprise Manager database on the Microsoft SQL Server. Alternatively, you can assign this account the db_owner role for the Enterprise Manager database.
  • Full Control NTFS permissions for the VBRCatalog or another folder where index files are stored.

To add Active Directory user or group accounts to the Veeam Backup Enterprise Manager roles, the Veeam Backup Enterprise Manager service must be started under the Active Directory service account that has permissions to enumerate Active Directory domains. Active Directory users have enough permissions to enumerate Active Directory domains by default. If you use the local machine account instead, you will get the "Cannot find user account DOMAIN\username" error.

Enterprise Manager user

To be able to work with the Veeam Backup Enterprise Manager web UI, users must be assigned the Portal Administrator, Portal User or Restore Operator role. For more information, see Configuring Security Settings.

vSphere Web Client Plug-in for Veeam Backup & Replication (optional)

The account used to install the plug-in and the vCenter server account must belong to the same Active Directory domain in case of cross-domain access.

The account used to install the plug-in must be assigned the following vCenter Server permissions:

  • To install the plug-in Extension > Register extension
  • To uninstall the plug-in Extension > Unregister extension

vSphere Self-Service Backup Portal user

The account used to work with vSphere Self-Service Backup Portal must have interactive logon permissions on the Enterprise Manager server.

This Document Help Center
User Guide for VMware vSphereUser Guide for Microsoft Hyper-VVeeam Backup Enterprise Manager GuideVeeam Agent Management GuideVeeam Cloud Connect GuideVeeam Explorers User GuideVeeam Plug-ins for Enterprise Applications GuideVeeam PowerShell ReferenceVeeam Explorers PowerShell ReferenceVeeam RESTful API ReferenceRequired Permissions for VMware vSphereQuick Start Guide for VMware vSphereQuick Start Guide for Microsoft Hyper-VVeeam ONE DocumentationVeeam Agent for Windows DocumentationVeeam Agent for Linux DocumentationVeeam Backup for AWS DocumentationVeeam Backup for Microsoft Azure DocumentationVeeam Backup for Nutanix AHV User GuideVeeam Backup for Microsoft Office 365 DocumentationVeeam Management Pack Documentation
I want to report a typo

There is a misspelling right here:

 

I want to let the Veeam Documentation Team know about that.