Help Center
Choose product document...
Veeam Availability Orchestrator 1.0
Deployment Guide

Required Permissions

The accounts used for installing and using Veeam Availability Orchestrator must have the following permissions.

Account

Required Permission

Setup Account

The account used for product installation must be a domain user who has the Local Administrator permissions on the target machine.

VAO Service Accounts

The accounts used to run VAO services, Veeam Backup & Replication services and Veeam ONE services must have the Local Administrator permissions on the VAO server.

VAO Agent Installation Account

The account used to install a VAO agent on a Veeam Backup & Replication server must have the Veeam Backup Administrator permissions on the server.

vCenter Permissions

The account used to connect the vCenter Server to the VAO infrastructure must have the Administrator permissions.

Instead of granting the Administrator permissions to the account, you can configure more granular permissions. For more information, see Veeam Backup & Replication Required Permissions and Veeam ONE Required Permissions.

Microsoft SQL Server

Different sets of Microsoft SQL permissions are required in the following cases:

  • Installation (remote or local): the current account needs the CREATE ANY DATABASE permission on the SQL server level. After the database is created, this account automatically gets a db_owner role and can perform all operations with the database.
  • Operation: the account used to run VAO services, Veeam Backup & Replication services and Veeam ONE services requires the db_owner role, as well as permissions to execute stored procedures for the configuration databases on the Microsoft SQL Server.

For more information, see Veeam Backup & Replication Required Permissions and Veeam ONE Required Permissions.

VAO Step Accounts

The account used to run the Verify SharePoint step, must be assigned the SharePoint_Shell_Access role and must be a member of the WSS_ADMIN_WPG group on the processed VM.

The account used to run the Exchange Credentials step, must be assigned the ApplicationImpersonation role on the processed VM.

 

Veeam Large Logo

User Guide

Deployment Guide

Categorization Guide

RESTful API Reference