Permissions and Security Groups
Do not mix permissions on virtual infrastructure inventory objects with the Veeam ONE security model that is based on security groups.
Users in Security Groups
Security groups define what actions users can perform in Veeam ONE. That is, what part of Veeam ONE functionality is available to users.
- Veeam ONE Administrators have access to all functions in Veeam ONE. They can perform all types of actions that Veeam ONE supports, including configuration actions.
- Veeam ONE Power Users have read access to monitoring data and can fully manage reports and dashboards but do not have access to Veeam ONE configuration settings.
Note: |
Note that members of the Power Users security group can run report and dashboard scheduling scripts on the machine on which the Veeam ONE Web Services component is installed. Include users into this group with caution. |
- Veeam ONE Read-Only Users have limited access to Veeam ONE functions: they can access data in the read-only mode but cannot perform configuration tasks.
Users included in either Veeam ONE security group (Administrators, Power Users or Read-Only Users) have access to:
- All Veeam ONE consoles (Veeam ONE Client, Veeam ONE Web Client)
- All objects of the infrastructure inventory (including VMware vSphere, VMware Cloud Director, Microsoft Hyper-V, Veeam Backup & Replication and Veeam Backup for Microsoft 365)
Users with Restricted Permissions on Virtual Infrastructure Inventory
Permissions define what part of the virtual infrastructure is visible to a Veeam ONE user. To monitor and report on a restricted subset of the virtual infrastructure in Veeam ONE, a user must have permissions assigned on objects of the VMware vSphere or VMware Cloud Director inventory hierarchy. In this case, the user can utilize Veeam ONE monitoring and reporting capabilities for available objects of the VMware vSphere or VMware Cloud Director infrastructure. Microsoft Hyper-V, Veeam Backup & Replication and Veeam Backup for Microsoft 365 inventory objects will be unavailable for the user.
Note that for users of this type some Veeam ONE functionality is disabled. For details on limitations, see section Functional Restrictions.
Important! |
Do not include a user with restricted permissions into Veeam ONE security groups. Members of security groups always have access to the whole infrastructure inventory in Veeam ONE, regardless of their permissions on the VMware vSphere or VMware Cloud Director inventory hierarchy. |