Configuring Roles
To perform Veeam Backup & Replication operations, you can either assign the default roles to users or create custom roles depending on your needs.
The default roles are the following:
Role | Operations |
---|---|
Veeam Backup Administrator | Can perform all administrative activities in the Veeam Backup & Replication console. Note that Veeam Backup Administrator has full access to all files on servers and hosts added to the backup infrastructure. |
Veeam Security Administrator | Can perform the following operations:
|
Incident API Operator | Can perform Veeam Backup & Replication REST API requests to manage malware detection events. For more details, see the Malware Detection section in the Veeam Backup & Replication REST API Reference. Incident API Operators do not have access to the Veeam Backup & Replication console. Since they interact only with Veeam Backup & Replication REST API, make sure that multi-factor authentication is disabled for the user you add as Incident API Operator. For more details, see Disabling MFA for Service Accounts. |
Veeam Restore Operator | Can perform restore operations using existing backups and replicas. Consider the following:
|
Veeam Backup Operator | Can start and stop existing jobs, export backups, copy backups and create VeeamZip backups. |
Veeam Backup Viewer | Has the read-only access to the Veeam Backup & Replication console. Can view a list of existing jobs and review the job session details. |
Veeam Tape Operator | Can manage tapes and perform the following operations:
|
You can assign several roles to the same user. For example, if you want a user to start jobs and perform restore operations, you can assign both the Veeam Backup Operator and Veeam Restore Operator roles to this user.
You can create custom roles in Veeam Backup & Replication to assign tailored permissions and granular access scopes to users or groups. Custom roles help you enforce the principle of least privilege and align user access with your organization’s operational policies.
To configure a custom role, use the Add New Role wizard and complete the following steps: