Managing Accounts and Roles
Veeam Backup Enterprise Manager implements security by limiting access to the features and data of its management website based on user roles. This lets administrators delegate permissions in a very granular way, on an as-needed basis, to the individuals who will complete the restore process. It is possible, for example, to delegate permission to recover files without the ability to see the contents of those files.
To be able to log in to the Veeam Backup Enterprise Manager website, a user must have the Portal Administrator, Restore Operator or Portal User role assigned.
Enterprise Manager Role | How It Is Assigned | Access to Configuration | Allowed Operations |
Portal Administrator | Initially by default to the users listed in the local Administrators group and the user who installed Veeam Backup Enterprise Manager. By an existing Portal Administrator in the Enterprise Manager > Configuration > Roles | Yes | Full access to all available operations on all tabs of the web UI. |
Portal User | By Portal Administrator in the Enterprise Manager > Configuration > Roles | No | |
Restore Operator | By Portal Administrator in the Enterprise Manager > Configuration > Roles | No | |
Users with the Portal User or Restore Operator role can access their restore scope, a list of machines that can be recovered by appropriate personnel. For example, database administrators can restore database servers (SQL, Oracle, or other), which is their restore scope; Exchange administrators' restore scope will include Exchange server machines, and so on. Depending on their role configuration, non-administrative users can access the Machines and/or Files tab of the Veeam Backup Enterprise Manager website.
Important!
Restore scope (the list of machines a user can recover) can be customized if you have the Enterprise Plus edition of Veeam Backup & Replication; in other editions, this list includes all machines and cannot be customized. However, you can delegate recovery of entire machines, guest files, or selected file types. For more information, see Restrictions for Delegated Restore.
Assigning Role
To specify security settings for a user or a group of users:
- Open the Configuration tab.
- Open the Roles section on the left of the Configuration view.
- Click Add on the toolbar.
- In the Account type field, select the type of account you want to add: User or Group.
- In the Account field, specify the user account in the DOMAIN\Username format.
- From the Role list, select the necessary portal role to be assigned: Portal User, Portal Administrator or Restore Operator.
- In the Restore scope section, you can allow a user to restore all machines processed by managed backup servers or the selected machines only. For more information, see Configuring Restore Scope.
- In the Allow restore of section, you can configure additional restrictions for the restore scope. For more information, see Restrictions for Delegated Restore.
Note:
To be able to assign any of these roles to Active Directory domain users and/or groups, make sure that the Veeam Backup Enterprise Manager service account has sufficient rights to enumerate Active Directory domains. (By default, Active Directory users have enough rights to enumerate Active Directory domains.)
To edit settings of an added user or group, select it in the list of roles and click Edit on the toolbar. Then edit user or group settings as required.
To delete an added user or group, select it in the list and click Remove on the toolbar.
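A least-privilege review of the assignments made with the procedure above, as an added example that is not Veeam code. The record layout (account_type, account, role, scope, restrictions), the sample accounts and the review rules are assumptions for illustration, not an Enterprise Manager export format.

```python
import re

ROLES = {"Portal Administrator", "Restore Operator", "Portal User"}
ACCOUNT_RE = re.compile(r"^[^\\/\s]+\\[^\\/]+$")  # DOMAIN\Username

# Constructed sample: assignments transcribed by hand from Configuration > Roles.
# Field names are hypothetical; "restrictions" stands for the "Allow restore of" settings.
SAMPLE = [
    {"account_type": "User", "account": r"CORP\dba.lee", "role": "Restore Operator",
     "scope": "selected", "restrictions": ["guest files"]},
    {"account_type": "Group", "account": r"CORP\Helpdesk", "role": "Portal Administrator",
     "scope": "all", "restrictions": []},
    {"account_type": "User", "account": "exch.admin@corp.example", "role": "Portal User",
     "scope": "all", "restrictions": []},
    {"account_type": "User", "account": r"CORP\temp01", "role": "Backup Viewer",
     "scope": "selected", "restrictions": []},
]

def review(assignments):
    """Return (account, finding) pairs for assignments worth a second look."""
    findings = []
    for a in assignments:
        acct = a["account"]
        if not ACCOUNT_RE.match(acct):
            findings.append((acct, "account is not in DOMAIN\\Username format"))
        if a["role"] not in ROLES:
            findings.append((acct, "unknown role: " + a["role"]))
            continue
        if a["role"] == "Portal Administrator":
            # Administrators have full access; a group grant widens that to every member.
            if a["account_type"] == "Group":
                findings.append((acct, "whole group has full access to all web UI operations"))
            continue
        # Non-administrative roles: delegation should be as narrow as the task.
        if a["scope"] == "all" and not a["restrictions"]:
            findings.append((acct, "all machines in restore scope with no restore restrictions"))
    return findings

if __name__ == "__main__":
    for account, finding in review(SAMPLE):
        print(f"{account}: {finding}")
```
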