Editing Access Permissions

If you want to store in the backup repository backups of virtual and physical machines created by Veeam Backup & Replication additional solutions, for example, Veeam Agent for Microsoft Windows, Veeam Agent for Linux, Veeam Plug-ins for Enterprise Applications and so on, you must set up access permissions to backup repositories.

Access permissions are granted to security principals such as users and AD groups by the backup administrator who works with Veeam Backup & Replication. Users with granted access permissions can target backup jobs created by additional solutions at this backup repository and perform restore from backups located in this backup repository.

Note

If you plan to create backups in a Veeam backup repository with Veeam Agent backup jobs configured in Veeam Backup & Replication, you do not need to grant access permissions on the backup repository to users. In the Veeam Agent management scenario, to establish a connection between the backup server and protected computers, Veeam Backup & Replication uses a TLS certificate. To learn more, see the Configuring Security Settings section in the Veeam Agent Management Guide.

If you plan to create backups in a Veeam backup repository with Veeam Backup for Nutanix AHV, you do not need to grant access permissions when configuring repositories, you must do that when configuring Nutanix AHV backup appliances.

Right after installation, access permissions on the default backup repository are set to Allow to everyone for testing and evaluation purposes. If necessary, you can change these settings.

After you create a new backup repository, access permissions on this repository are set to Deny to everyone. To allow users to store backups in the backup repository, you must grant users with access permissions to this repository.

Managing Permissions of Backup Repositories

To grant access permissions to a security principal:

  1. Open the Backup Infrastructure view.
  2. In the inventory pane, click one of the following nodes:
  1. In the working area, select the necessary backup repository and click Set Access Permissions on the ribbon or right-click the backup repository and select Access permissions. If you do not see the Set Access Permissions button on the ribbon or the Access permissions command is not available in the shortcut menu, press and hold the [Ctrl] key, right-click the backup repository and select Access permissions.

Editing Access Permissions 

  1. In the Standalone applications window, specify to whom you want to grant access permissions on this backup repository:

Editing Access Permissions 

Managing Permissions for S3 Compatible Object Storage

If you plan to use S3 compatible object storage as an object storage repository, you must set up access permissions to the object storage. These permissions are used if you keep in object storage repositories backups created by Veeam Agent or by Veeam Cloud Connect tenant. For more information, see Backup to Object Storage in the Veeam Agent Management Guide and Backup to Object Storage in the Veeam Cloud Connect Guide.

To manage permissions for S3 compatible object storage, perform the following:

  1. In Veeam Backup & Replication, open the Backup Infrastructure view.
  1. In the inventory pane, click the Backup Repositories node.
  1. In the working area, select the necessary S3 compatible backup repository and click Set Access Permissions on the ribbon or right-click the backup repository and select Access permissions. If you do not see the Set Access Permissions button on the ribbon or the Access permissions command is not available in the shortcut menu, press and hold the [Ctrl] key, right-click the backup repository and select Access permissions.
  2. On the Security tab, specify how Veeam Agent or a SP will access an S3 compatible object storage repository:
  • Agents share credentials to object storage repository — use this option if you want directly access the S3 compatible object storage repository. In this case, Veeam Agent will use credentials that you specified when added the S3 compatible object storage repository to the backup infrastructure.

Important

This option is not secure since Veeam Backup & Replication will have access permissions on the bucket where you keep your folders with backups.

  • Provided by the backup server — use this option if you want to access the S3 compatible object storage repository through a gateway server.
  • Provided by IAM/STS object storage capabilities — use this option if you want directly access the S3 compatible object storage repository. In this case, Veeam Backup & Replication will create service tokens that Veeam Agent or a SP will use to access the S3 compatible object storage repository.

To specify credentials, do the following:

  1. In the Identity and access management (IAM) endpoint field, specify the endpoint of your S3 compatible object storage repository.
  1. In the Security token service (STS) endpoint field, specify the security token.

Editing Access Permissions 

Page updated 9/30/2024

Page content applies to build 12.3.0.310