Permissions

In this article

    The accounts used to install and administer VAO must have the following permissions.

    Account

    Required Permission

    Setup Account

    The account used for product installation must be a domain user who has the local Administrator permissions on the target machine.

    VAO Service Accounts

    The accounts used to run VAO services, Veeam Backup & Replication services and Veeam ONE services must have the local Administrator permissions on the VAO server.

    The accounts must also be granted the Log on as a service right. For more information on Windows security policy settings, see Microsoft Docs.

    VAO Agent Account

    The account used to install and run the VAO agent on a Veeam Backup & Replication server must be a Windows domain account, and have both the local Administrator and the Veeam Backup Administrator permissions on the server.

    VAO User Accounts

    The accounts used to log in to the VAO UI must be granted the Allow log on locally right. For more information on Windows security policy settings, see Microsoft Docs.

    vCenter Server Permissions

    The account used to connect the vCenter Server to the VAO infrastructure must have administrative permissions. You can either grant the Administrator role to the account or configure more granular permissions. For more information, see Veeam Backup & Replication Required Permissions and Veeam ONE Required Permissions.

    To be able to open sessions on the vCenter Server system, the account must also have the Sessions.Validate session privilege on the root vCenter Server. For more information on session privileges, see VMware Docs.

    Microsoft SQL Server Permissions

    Different sets of Microsoft SQL permissions are required in the following cases:

    • Installation (remote or local): the current account needs the CREATE ANY DATABASE permission on the SQL server level. After the database is created, this account automatically gets a db_owner role and can perform all operations with the database.
    • Operation: the account used to run VAO services, Veeam Backup & Replication services and Veeam ONE services requires the db_owner role, as well as permissions to execute stored procedures for the configuration databases on the Microsoft SQL Server.

    For more information, see Veeam Backup & Replication Required Permissions and Veeam ONE Required Permissions.

    NetApp Storage System Permissions

    The account used to connect the storage system to the VAO infrastructure must be granted permissions described in section NetApp Data ONTAP Permissions.

    VAO Step Accounts

    The account used to run the Verify SharePoint URL step, must be assigned the SharePoint_Shell_Access role and must be a member of the WSS_ADMIN_WPG group on the processed VM.

    The account used to run the Verify Exchange Mailbox step, must be assigned the ApplicationImpersonation role on the processed VM.

    NetApp Data ONTAP Permissions

    The account used to connect to a NetApp Data ONTAP storage system must have the following permissions:

    Command/Directory

    Access/Query Level

    DEFAULT

    none

    job

    readonly

    lun

    all

    network interface

    readonly

    snapmirror

    all

    version

    readonly

    volume

    all

    vserver

    readonly

    I want to report a typo

    There is a misspelling right here:

     

    I want to let the Veeam Documentation Team know about that.