Permissions

For general requirements for permissions that must be provided to the user account to install and work with Veeam Backup & Replication, see Permissions for Veeam Backup & Replication. In addition to general requirements, make sure that user accounts have the following permissions:

Permissions for MongoDB Replica Set

Operation

Required Roles and Permissions

Connecting to the MongoDB replica set, discovering MongoDB nodes

To connect to the MongoDB replica set, your credentials must meet the following requirements:

  • The account must be able to authenticate against MongoDB admin database.
  • The account must have the the following roles:
  • ClusterMonitor role to collect information about replica sets.
  • Backup role to perform backup operations.
  • HostManager role to lock nodes during backup operations.

To learn more about these roles, see MongoDB documentation.

  • If you want to use TLS with your credentials, you must use client certificate that meet requirements by MongoDB. For details, see MongoDB documentation.

To learn more about TLS support by MongoDB, see MongoDB documentation.

For details, see Specify Deployments.

Connecting to MongoDB nodes, installing and updating Veeam components

The account specified in the protection group configuration settings to connect to MongoDB nodes must have the following permissions:

  • The account must have root privileges.
  • The account must be able to authenticate against the Veeam Backup & Replication server.

For enhanced security, we recommend creating a separate standard user that will be solely dedicated to performing the backup and restore operations.

For details, see Specify Computers.

Restoring MongoDB data

To restore MongoDB data using Veeam Explorer for MongoDB, consider the required permissions in the Permissions section of Veeam Explorers User Guide.

Permissions for Object Storage

The general permissions for backup to object storage are listed in Using Object Storage Repositories. Additional permissions are required if you want to use MongoDB Backup. The list of additional permissions differs depending on the selected object storage and the way you set your backup infrastructure:

Amazon S3

Consider the following:

Make sure that your infrastructure configuration fits the following description:

  • You plan to back up data to the Amazon S3 storage.
  • You selected direct connection in the object storage settings. For details, see Adding Amazon S3 Object Storage.

If you plan to back up data using such infrastructure configuration, make sure the user account that you use to connect to the object storage has the following permissions:

{
 "iam:AttachUserPolicy",
 "iam:CreateAccessKey",
 "iam:CreatePolicy",
 "iam:CreatePolicyVersion",
 "iam:CreateUser",
 "iam:DeleteAccessKey",
 "iam:DeletePolicy",
 "iam:DeletePolicyVersion",
 "iam:DeleteUser",
 "iam:DeleteUserPolicy",
 "iam:DetachUserPolicy",
 "iam:GetPolicy",
 "iam:GetPolicyVersion",
 "iam:GetUser",
 "iam:GetUserPolicy",
 "iam:ListAccessKeys",
 "iam:ListAttachedUserPolicies",
 "iam:ListPolicyVersions",
 "iam:ListUserPolicies",
 "iam:PutUserPolicy",
 "iam:SetDefaultPolicyVersion",
 "iam:SimulatePrincipalPolicy",
 "iam:TagUser"
}

S3 Compatible (Including IBM Cloud Object Storage, Wasabi Cloud Storage)

Consider the following:

Make sure that your infrastructure configuration fits the following description:

  • You plan to back up data to the S3 compatible storage.
  • Direct connection is selected in the object storage settings. For details, see Specify Object Storage Account.

If you plan to back up data using such infrastructure configuration, make sure the user account that you use to connect to the object storage has the following permissions:

{
 "iam:AttachUserPolicy",
 "iam:CreateAccessKey",
 "iam:CreatePolicy",
 "iam:CreatePolicyVersion",
 "iam:CreateUser",
 "iam:DeleteAccessKey",
 "iam:DeletePolicy",
 "iam:DeletePolicyVersion",
 "iam:DeleteUser",
 "iam:DeleteUserPolicy",
 "iam:DetachUserPolicy",
 "iam:GetPolicy",
 "iam:GetPolicyVersion",
 "iam:GetUser",
 "iam:GetUserPolicy",
 "iam:ListAccessKeys",
 "iam:ListAttachedUserPolicies",
 "iam:ListPolicyVersions",
 "iam:ListUserPolicies",
 "iam:PutUserPolicy",
 "iam:SetDefaultPolicyVersion",
 "sts:GetCallerIdentity"
}

 

 

Google Cloud Storage

Make sure that your infrastructure configuration fits the following description:

If you plan to back up data using such infrastructure configuration, make sure the user account that you specify in the Helper Appliance settings has the following permissions:

{
 "iam.serviceAccounts.create",
 "iam.serviceAccounts.delete",
 "iam.serviceAccounts.get",
 "iam.serviceAccounts.list",
 "storage.buckets.get",
 "storage.buckets.getIamPolicy",
 "storage.buckets.list",
 "storage.buckets.setIamPolicy",
 "storage.buckets.update",
 "storage.hmacKeys.create",
 "storage.hmacKeys.delete",
 "storage.hmacKeys.get",
 "storage.hmacKeys.list",
 "storage.objects.create",
 "storage.objects.delete",
 "storage.objects.get",
 "storage.objects.list"
}

Page updated 9/2/2025

Page content applies to build 13.0.0.4967