Required Permissions

The accounts used to install and administer VAO must have the following permissions.

Account

Required Permission

Setup Account

The account used for product installation must be a domain user who has the local Administrator permissions on the target machine.

VAO Service Accounts

The accounts used to run VAO services, Veeam Backup & Replication services and Veeam ONE services must have the local Administrator permissions on the VAO server.

The accounts must also be granted the Log on as a service right. For more information on Windows security policy settings, see Microsoft Docs.

VAO Agent Account

The account used to install and run the VAO agent on a Veeam Backup & Replication server must be a Windows domain account, and have both the local Administrator and the Veeam Backup Administrator permissions on the server.

VAO User Accounts

The accounts used to log in to the VAO UI must be granted the Allow log on locally right. For more information on Windows security policy settings, see Microsoft Docs.

vCenter Server Permissions

The account used to connect the vCenter Server to the VAO infrastructure must have administrative permissions. You can either grant the Administrator role to the account or configure more granular permissions. For more information, see Veeam Backup & Replication Required Permissions and Veeam ONE Required Permissions.

To be able to open sessions on the vCenter Server system, the account must also have the Sessions.Validate session privilege on the root vCenter Server. For more information on session privileges, see VMware Docs.

Microsoft SQL Server Permissions

Different sets of Microsoft SQL permissions are required in the following cases:

  • Installation (remote or local): the current account needs the CREATE ANY DATABASE permission on the SQL server level. After the database is created, this account automatically gets a db_owner role and can perform all operations with the database.
  • Operation: the account used to run VAO services, Veeam Backup & Replication services and Veeam ONE services requires the db_owner role, as well as permissions to execute stored procedures for the configuration databases on the Microsoft SQL Server.

For more information, see Veeam Backup & Replication Required Permissions and Veeam ONE Required Permissions.

NetApp Storage System Permissions

The account used to connect the storage system to the VAO infrastructure must be granted permissions described in section NetApp Data ONTAP Permissions.

VAO Step Accounts

The account used to run the Verify SharePoint URL step, must be assigned the SharePoint_Shell_Access role and must be a member of the WSS_ADMIN_WPG group on the processed VM.

The account used to run the Verify Exchange Mailbox step, must be assigned the ApplicationImpersonation role on the processed VM.

NetApp Data ONTAP Permissions

The account used to connect to a NetApp Data ONTAP storage system must have the following permissions:

Command/Directory

Access/Query Level

DEFAULT

none

job

readonly

lun

all

network interface

readonly

snapmirror

all

version

readonly

volume

all

vserver

readonly

I want to report a typo

There is a misspelling right here:

 

I want to let the Veeam Documentation Team know about that.