Connection to Virtual Servers

In this article

    This section describes permissions to accounts used to connect virtual servers.

    VMware vSphere Servers

    The account used to connect vCenter Server and ESXi hosts must have the following permissions:

    VI Object

    Required Permissions

    vCenter, ESXi host

    • Read-only
    • Host.CIM.CIM Interaction1
    • Host.Configuration.Connection1
    • Virtual machine.Interaction.Answer question2
    • Virtual machine.Snapshot management.Remove Snapshot3
    • vSphere Tagging.Assign or Unassign vSphere Tag4
    • vSphere Tagging.Create vSphere Tag4
    • vSphere Tagging.Create vSphere Tag Category4
    • vSphere Tagging.Delete vSphere Tag4
    • vSphere Tagging.Delete vSphere Tag Category4
    • Global.Global tag3 (not required VMware vSphere version 6.5 or later)
    • Virtual machine.Interaction.Console interaction5
    • Datastore.Browse datastore6
    • Global.Licenses7

    Note: Names of privileges are provided for the latest supported version of VMware vSphere, and may vary for different platform versions.

    1 Required for gathering of ESXi host hardware data.
    2 Required for using VM Console and viewing snapshot information.
    3 Required for running remediation actions.
    4 Required for collecting and updating tags on the vCenter Server side. The privileges must be assigned at the vCenter Server level.
    5 Required for accessing VM console from Veeam ONE Client.
    6 Required for collecting datastore details.
    7 Required for collecting license information.

    Microsoft Hyper-V Hosts and Clusters

    The account used to connect standalone Microsoft Hyper-V hosts must:

    This includes remote access, activation and launching the DCOM application of WMI, and remote access to the root WMI namespace and sub-namespaces. For details on granting these permissions, see Configuring Permissions to Remotely Access WMI.

    The account used to connect Microsoft Hyper-V clusters must have local Administrator permissions on these clusters.

    Microsoft SCVMM

    The account used to connect an SCVMM Server must have in SCVMM an assigned user role that is based on the Read-Only Administrator profile.

    To monitor clusters and hosts managed by SCVMM, the minimal required permissions for these hosts and clusters must be granted to the same account. For details, see Microsoft Hyper-V Hosts and Clusters.