Veeam Management Pack 8.0 Update 6 for System Center
Veeam MP for VMware User Guides
Related documents

Accounts and Privileges

Ops Mgr Agent Operation

The Ops Mgr agent action account must have the Administrator permissions on the server where the Veeam MP for VMware component (Collector, VE Service) runs. To be able to monitor Veeam Backup & Replication infrastructure, you must assign the Veeam Backup Administrator role to this account as well. For more information on how to assign roles in Veeam Backup & Replication, see the Veeam Backup & Replication User Guide for VMware vSphere, section Roles and Users.

Connection to VMware vCenter

The account used to connect to VMware systems must have at minimum Read-only privilege.

Gathering vSphere Datastore Data

To be able to run the Scan Datastore for Unknown Files task, you must assign the Browse datastore privilege to the account, and make sure that the Create and Update task permissions are enabled.

To assign the privilege to the user role, edit the following role settings:

  1. Go to All Privileges > Datastore and enable Browse datastore.
  2. Go to All Privileges > Tasks, and enable Create task and Update task.

Click the image to zoom in

To create the appropriate user role and assign specific permissions, use the vSphere Client, as described in VMware documentation.

Access should be provided to the complete vSphere hierarchy and not only to specific objects. Using No Access or otherwise restricted permissions to any part of the vCenter hierarchy to configure monitoring visibility is not supported. To define which vSphere clusters and hosts are monitored, use the Veeam UI and check/uncheck clusters and hosts as required.

Accounts and Privileges Note:

If MP Tasks in the context of virtual machine are required, the VMware connection account must be assigned the required elevated privileges to run the task (Power On/Off VM and so on).

Veeam Virtualization Extensions Service Account

The account under which the VE Service runs must be a member of the Veeam Virtualization Extensions Users local group and have Administrator rights.

Veeam VMware Collector Service Account

The Veeam VMware Collector service account must be:

  • An administrative account on the server where the Veeam VMware Collector service runs.
  • A member of the Veeam Virtualization Extensions Users local group on the server running VE Service.

Connection to Veeam UI

To access the Veeam UI (for addition/removal of vCenter connections, configuring Veeam Collector settings and so on), users must be included in the local group named Veeam Virtualization Extensions Users. This local group is created during VE Service installation.

Collector Auto-Deployment Run As Account

The account in the Veeam VMware Collector Auto-Deployment Run As Profile must be:

  • At minimum OpsManager Advanced Operator on Management Servers that will host Veeam Collectors.
  • Local Administrator on Management Server where the VE Service runs.

The account must also be a member of the Veeam Virtualization Extensions Users local group on the server where the VE Service runs.

This Document Help Center
Veeam MP for VMware User GuidesVeeam MP for VMware ReferenceVeeam MP for VMware Online Knowledge BaseVeeam MP for Microsoft Hyper-V User GuideVeeam MP for Hyper-V ReferenceMP for Veeam Backup & Replication User GuideMP for Veeam Backup & Replication ReferenceVeeam Capacity Planning for Hybrid Clouds User GuideVeeam MP Report KnowledgeVeeam MP VEShell ReferenceVeeam MP Resource Kit Guide
I want to report a typo

There is a misspelling right here:


I want to let the Veeam Documentation Team know about that.