Permissions and Security Groups

Do not mix permissions on virtual infrastructure inventory objects with the Veeam ONE security model that is based on security groups.

Users in Security Groups

Security groups define what actions users can perform in Veeam ONE. That is, what part of Veeam ONE functionality is available to users.

  • Veeam ONE Administrators have access to all functions in Veeam ONE. They can perform all types of actions that Veeam ONE supports, including configuration actions.
  • Veeam ONE Power Users have read access to monitoring data and can generate reports but do not have access to Veeam ONE configuration settings.


Members of the Power Users security group can run report and dashboard scheduling scripts on the machine on which the Veeam ONE Web Services component is installed. Include users into this group with caution.


  • Veeam ONE Read-Only Users have limited access to Veeam ONE functions: they can access data in the read-only mode but cannot perform configuration tasks.

Users included in either Veeam ONE security group (Administrators, Power Users or Read-Only Users) have access to:

  • All Veeam ONE consoles (Veeam ONE Client, Veeam ONE Web Client)
  • All objects of the infrastructure inventory (including VMware vSphere, vCloud Director, Microsoft Hyper-V and Veeam Backup & Replication)

Users with Restricted Permissions on Virtual Infrastructure Inventory

Permissions define what part of the virtual infrastructure is visible to a Veeam ONE user. To monitor and report on a restricted subset of the virtual infrastructure in Veeam ONE, a user must have permissions assigned on objects of the VMware vSphere or vCloud Director inventory hierarchy. In this case, the user can utilize Veeam ONE monitoring and reporting capabilities for available objects of the VMware vSphere or vCloud Director infrastructure. Microsoft Hyper-V and Veeam Backup & Replication inventory objects will be unavailable for the user.

Note that for users of this type some Veeam ONE functionality is disabled. For details on limitations, see section Functional Restrictions.


Do not include a user with restricted permissions into Veeam ONE security groups. Members of security groups always have access to the whole infrastructure inventory in Veeam ONE, regardless of their permissions on the VMware vSphere or vCloud Director inventory hierarchy.