Permissions and Security Groups

Do not mix permissions on virtual infrastructure inventory objects with the Veeam ONE security model that is based on security groups.

Users in Security Groups

Security groups define what actions users can perform in Veeam ONE. That is, what part of Veeam ONE functionality is available to users.

  • Veeam ONE Administrators have access to all functions in Veeam ONE. They can perform all types of actions that Veeam ONE supports, including configuration actions.
  • Veeam ONE Power Users have read access to monitoring data and can fully manage reports and dashboards but do not have access to Veeam ONE configuration settings.

Note:

Members of the Power Users security group can run report and dashboard scheduling scripts on the machine on which the Veeam ONE Web Services component is installed. Include users into this group with caution.

 

  • Veeam ONE Read-Only Users have limited access to Veeam ONE functions: they can access data in the read-only mode but cannot perform configuration tasks.

Users included in either Veeam ONE security group (Administrators, Power Users or Read-Only Users) have access to:

  • All Veeam ONE consoles (Veeam ONE Client, Veeam ONE Web Client)
  • All objects of the infrastructure inventory (including VMware vSphere, VMware Cloud Director, Microsoft Hyper-V, Veeam Backup & Replication and Veeam Backup for Microsoft 365)

Users with Restricted Permissions on Virtual Infrastructure Inventory

Permissions define what part of the virtual infrastructure is visible to a Veeam ONE user. To monitor and report on a restricted subset of the virtual infrastructure in Veeam ONE, a user must have permissions assigned on objects of the VMware vSphere or VMware Cloud Director inventory hierarchy. In this case, the user can utilize Veeam ONE monitoring and reporting capabilities for available objects of the VMware vSphere or VMware Cloud Director infrastructure. Microsoft Hyper-V, Veeam Backup & Replication and Veeam Backup for Microsoft 365 inventory objects are unavailable for the user. For details on limitations of functionality for users with restricted permissions, see section Functional Restrictions.

Important!

Do not include a user with restricted permissions into Veeam ONE security groups. Members of security groups always have access to the whole infrastructure inventory in Veeam ONE, regardless of their permissions on the VMware vSphere or VMware Cloud Director inventory hierarchy.

User Permissions

The following table describes what functionality is available to users in accordance with their user role.

Veeam ONE Reporting

Functionality

Veeam ONE Administrator

Veeam ONE Power User

Veeam ONE Read Only User

Threat Center

Full

Full

Read

Dashboards

Full

Full

Read

Reports

Full

Full

Read

Scheduling

Full

Full

N/A

Jobs Calendar

Full

Full

N/A

Deployment Projects

Full

Full

Read

Configuration

Full

N/A

N/A

Notification Bell

Full

Full

Full

Veeam ONE Monitoring

Functionality

Veeam ONE Administrator

Veeam ONE Power User

Veeam ONE Read Only User

Alarms

Full

Read

Read

Infrastructure Changes

Full

N/A

N/A

Monitoring

Full

Read

Read

Server Settings

Full

N/A

N/A

Client Settings

Full

Full

Full

Licensing

Full

N/A

N/A

Business View

Full

Read

Read

Notification Settings

Full

N/A

N/A

Credentials Manager

Full

N/A

N/A