Permissions
To perform database protection and recovery operations on a computer with Veeam Plug-In, you must specify the user whose permissions Veeam Backup & Replication will use to access the protected computer and database management system. Depending on the database system, the specified user accounts must have the permissions listed in this section.
Note |
If you plan to restore SAP HANA and Oracle databases using Veeam Explorer for SAP HANA and Veeam Explorer for Oracle, consider the required permissions in the following sections: |
Computer with Veeam Plug-In for Oracle RMAN
- The specified user account must belong to the dba system group. The default name of the OSDBA group depends on the operating system:
- dba in Linux and UNIX.
- ORA_DBA in Microsoft Windows.
To learn more about connecting to a database as administrator using operating system authentication, see this Oracle article.
- [For Linux and Unix computers] If you use Oracle ASM and distribute system privileges with separate operating system groups, make sure you follow the Oracle recommendations described in this Oracle article.
- [For Linux and Unix computers] During application backup policy configuration, when you specify the OS user account as a database administrator and this OS user account is not the Oracle Software Owner User, make sure one of the following requirements is met:
- Permissions for Oracle directories are set with the chmod command as 775.
- The OS user account has the primary membership in the Oracle Inventory Group (oinstall) group.
To learn how to configure the Oracle Inventory Group, see this Oracle article.
- [For Microsoft Windows computers] The specified OS user account must have local administrator privileges.
Computer with Veeam Plug-In for SAP HANA
- The OS user must have sufficient privileges to run the HDBSQL command line tool — for example, this can be the <sid>adm user.
- The DB user used for performing backup and recovery operations with system and tenant databases must have the following system privileges:
- BACKUP ADMIN
- CATALOG READ
- DATABASE BACKUP ADMIN
Computer with Veeam Plug-In for SAP on Oracle
The account used for starting Oracle backup and restore processes must be an OS user who owns the data files of the database system. To learn more about logon options, see this SAP article.
Computer with Veeam Plug-In for Microsoft SQL Server
The account used for starting backup and restore processes must be an Microsoft SQL Server instance user with a sysadmin role.
Consider the following:
- Backup or restore operations that use the Microsoft SQL Server Virtual Device Interface (VDI) require that the server connection for SQL Server must be logged on as the sysadmin server role. For details, see Microsoft SQL documentation.
- If you work with SQL failover cluster or Always On availability group, you must assign permissions to the account on each node.
- If you plan to use the same account for all Veeam Plug-In operations, this account must be an Microsoft SQL Server instance user with a sysadmin role. If you plan to use a separate user for Veeam Plug-In installation using Veeam Deployment Kit, you can assign to this user the following minimal permissions depending on the backup source:
Backup Source | Permissions |
|---|---|
Standalone Microsoft SQL instance | public role
|
Microsoft SQL failover cluster instance | public role
|
Always On availability group | public role
|