Permissions

This table contains the list of operations that require specific user account permissions.

Note

If you plan to restore Oracle databases using Veeam Explorer for Oracle, consider the required permissions listed in the Permissions section of Veeam Explorers User Guide.

Operation	Required Roles and Permissions
Configuring Veeam Plug-in	The OS user account used for configuring Veeam Plug-in must have the following permissions. For Linux and Unix: To configure Veeam Plug-in on a Linux or Unix machine, use an account which is a member of the OSDBA (typically called as “dba”) group and has SYSDBA privileges. For Microsoft Windows: To configure Veeam Plug-in on a Microsoft Windows machine, use an account which is a member of the ORA_DBA group and has SYSDBA privileges.
Performing backup and restore in Veeam Plug-in	The account used for starting Oracle RMAN backup and restore processes Veeam Plug-in must have the following permissions. For Linux and Unix: To launch RMAN backup or restore, you can use any user account that has required set of privileges for backup operations on the Oracle side. Starting from Oracle Database 12c, Oracle recommends to use the SYSBACKUP role. For details, see this Oracle article. During the backup process, Veeam Plug-in connects to the database to get database properties. Thus, Linux/Unix user that started the RMAN client must be a member of the OSDBA (typically called as “dba”) group and has SYSDBA privileges. IMPORTANT: If you use the CONNECT command in the RMAN script, the plug-in manager process will be started by the owner of the Oracle listener, not by the user that started the RMAN client. Thus, if the listener is owned by a cluster service user (grid) that is not a member of the OSDBA group and does not have SYSDBA privileges, the plug-in manager will not be able to collect database properties and the backup will fail. As a workaround, you can add DBA privileges to the grid user. For Microsoft Windows: To launch RMAN backup or restore, you can use any user account that has required set of privileges for backup operations on the Oracle side. Starting from Oracle Database 12c, Oracle recommends to use the SYSBACKUP role. For details, see this Oracle article. During the backup process, Veeam Plug-in connects to the database to get DB properties. Thus, the Oracle home user must be a member of the ORA_DBA group and the OS authentication must be enabled for this user.
Connecting to Veeam Backup & Replication, managing backups	The account which is used to authenticate against Veeam Backup & Replication must have access permissions on required Veeam repository servers. To learn how to configure permissions on repositories, see Access and Encryption Settings on Repositories. The Veeam Plug-in for Oracle RMAN uses Windows authentication methods of the Veeam Backup & Replication server to establish a connection to this server and to the backup target. It is recommended to create one user for each Veeam Plug-in server or RAC. To work with backups created by Veeam Plug-in, you can use only the account used for creating the backup. If you want to use another account, assign the Veeam Backup Administrator role or Veeam Backup Operator and Veeam Restore Operator roles to the account. To learn how to assign Veeam Backup & Replication roles, see the Users and Roles section in the Veeam Backup & Replication User Guide.

Operation

Required Roles and Permissions

Configuring Veeam Plug-in

The OS user account used for configuring Veeam Plug-in must have the following permissions.

For Linux and Unix:

To configure Veeam Plug-in on a Linux or Unix machine, use an account which is a member of the OSDBA (typically called as “dba”) group and has SYSDBA privileges.

For Microsoft Windows:

To configure Veeam Plug-in on a Microsoft Windows machine, use an account which is a member of the ORA_DBA group and has SYSDBA privileges.

Performing backup and restore in Veeam Plug-in

The account used for starting Oracle RMAN backup and restore processes Veeam Plug-in must have the following permissions.

For Linux and Unix:

To launch RMAN backup or restore, you can use any user account that has required set of privileges for backup operations on the Oracle side. Starting from Oracle Database 12c, Oracle recommends to use the SYSBACKUP role. For details, see this Oracle article.

During the backup process, Veeam Plug-in connects to the database to get database properties. Thus, Linux/Unix user that started the RMAN client must be a member of the OSDBA (typically called as “dba”) group and has SYSDBA privileges.

IMPORTANT: If you use the CONNECT command in the RMAN script, the plug-in manager process will be started by the owner of the Oracle listener, not by the user that started the RMAN client. Thus, if the listener is owned by a cluster service user (grid) that is not a member of the OSDBA group and does not have SYSDBA privileges, the plug-in manager will not be able to collect database properties and the backup will fail. As a workaround, you can add DBA privileges to the grid user.

For Microsoft Windows:

During the backup process, Veeam Plug-in connects to the database to get DB properties. Thus, the Oracle home user must be a member of the ORA_DBA group and the OS authentication must be enabled for this user.

Connecting to Veeam Backup & Replication, managing backups

The account which is used to authenticate against Veeam Backup & Replication must have access permissions on required Veeam repository servers. To learn how to configure permissions on repositories, see Access and Encryption Settings on Repositories.

The Veeam Plug-in for Oracle RMAN uses Windows authentication methods of the Veeam Backup & Replication server to establish a connection to this server and to the backup target. It is recommended to create one user for each Veeam Plug-in server or RAC.

To work with backups created by Veeam Plug-in, you can use only the account used for creating the backup. If you want to use another account, assign the Veeam Backup Administrator role or Veeam Backup Operator and Veeam Restore Operator roles to the account. To learn how to assign Veeam Backup & Replication roles, see the Users and Roles section in the Veeam Backup & Replication User Guide.