What are the minimum permissions needed to properly backup and restore using vStorage api?

Article:TECH130493  |  Created: 2010-01-25  |  Updated: 2014-07-09  |  Article URL http://www.symantec.com/docs/TECH130493
Article Type
Technical Solution


Environment

Issue



Problems backing up and restoring VMware virtual machine via vCenter or ESX.  The account used by NetBackup to interface with VMware's vCenter may not have been given the priviedged roles with the necessary to rights to perform the operations.


Solution



The following privileges can be allocated to a role and assigned to the NetBackup user to perform vStorage backups and restores.  These are the minimum required permissions that has been found to be sufficient in the tests performed by Symantec for a basic vSphere environment.  This list may change in the future.  The permissions are best propagated downwards from the root of the vSphere level.  Additional privileges might be required if advanced features are in use.  The content of this document is subject to change.  The account configured in the NetBackup Administration Console -> Media and Device Management  -> Credentials -> NetBackup Virtual Machine Server should be assigned to a role configured as follows at the vSphere level, with the 'Propagate to Child Objects' checkbox checked.
 
Alarms      
  Acknowledge alarm    
  Create alarm    
  Disable alarm action    
  Modify alarm    
  Remove alarm    
  Set alarm status    
Datacenter      
  Create Datacenter    
  IP pool configuration    
  Move Datacenter    
  Remove Datacenter    
  Rename Datacenter    
Datastore      
  Allocate space   X
  Browse Datastores   X
  Configure Datastores   X
  Low level file operations   X
  Move datastore    
  Remove Datastore    
  Remove File   X
  Rename Datastore    
  Update virtual machine Files   X
Distributed Virtual port
group
     
  Create    
  Delete    
  Modify      
  Policy operation    
  Scope operation    
Distributed Virtual Switch      
  Create    
  Delete    
  Host operation    
  Modify    
  Move    
  Policy operation    
  Port configuration operation    
  Port setting operation    
  VSPAN Operation    
Extension      
  Register   X
  Update    
  Unregister    
Folder      
  Create Folder    
  Delete Folder    
  Rename Folder    
  Move Folder    
Global      
  Act as vCenter Server    
  Cancel Task   X
  Capacity Planning    
  Diagnostics    
  Disable Methods   X
  Enable Methods   X
  Global Tag    
  Health    
  Licenses   X
  Log Event   X
  Manage Custom Attributes   X
  Proxy    
  Script Action    
  Service Managers    
  Set Custom Attributes   X
  Settings   X
  System Tag    
Host       
  CIM    
    CIM Interaction  
  Configuration    
    Advanced Settings X
    Change Date Time Settings  
    Change PciPassthru settings  
    Change Settings  
    Change SNMP Settings  
    Connection  
    Firmware  
    Hyper Threading  
    Maintenance  
    Memory Configuration  
    Network Configuration  
    Query Patch  
    Security Profile and Firewall  
    Storage Partition Configuration X
    System Management  
    System Resources  
    Virtual Machine Auto-start Configuration  
  Inventory    
    Add Host to Cluster  
    Add Standalone Host  
    Create Cluster  
    Modify Cluster  
    Move Cluster/Standalone Host  
    Move Host  
    Remove Cluster  
    Remove Host  
    Rename Cluster  
  Local Operations    
    Add host to vCenter  
    Create Virtual Machine  
    Delete Virtual Machine  
    Manage User Groups  
    Reconfigure virtual machine  
Host Profile      
  Clear    
  Create    
  Delete    
  Edit    
  View    
Network      
  Assign Network   X
  Configure     
  Move Network    
  Remove    
Perfomance       
  Modify Intervals    
Permissions      
  Modify Permission    
  Modify Role    
  Reassign Role Permissions    
Resource      
  Apply recommendation    
  Assign Vapp to resource pool   X
  Assign Virtual Machine
to resource pool
  X
  Create resource pool    
  Migrate    
  Modify resource pool    
  Move resource pool    
  Relocate    
  Query Vmotion    
  Remove resource pool    
  Rename resource pool    
Scheduled Task      
  Create Tasks    
  Modify Task    
  Remove Task    
  Run Task    
Sessions      
  Impersonate User    
  Message    
  Validate Session    
  View and stop sessions    
Storage views      
  Configure service    
  View    
Tasks      
  Create task    X
  Update task   X
vApp      
  Add virtual machine    
  Assign virtual machine      
  Assign vApp     
  Clone    
  Create    
  Delete    
  Export    
  Import     
  Move    
  Power Off    
  Power On    
  Rename    
  Unregister     
  vApp application configuration    
  vApp instance configuration    
  vApp resource configuration    
  View OVF Environment    
Virtual Machine      
  Configuration    
    Add Existing Disk X
    Add New Disk X
    Add or Remove Device X
    Advanced   X
    Change CPU Count X
    Change Resource X
    Disk change tracking X
    Disk Lease X
    Extend virtual disk  
    Host USB Device X
    Modify Device Settings X
    Query unowned files  
    Raw Device X
    Reload from path X
    Remove Disk X
    Rename    X
    Reset Guest Information X
    Memory    X
    Settings X
    Swap Placement X
    Unlock Virtual Machine X
    Upgrade Virtual Hardware X
  Interaction    
    Answer question  
    Backup operation on virtual machine  
    Configure CD media  
    Congirure floppy media  
    Console interation  
    Create screenshot  
    Defragment all disks  
    Device connection  
    Disable Fault Tolerance  
    Enable Fault Tolerance  
    Power Off X
    Power On X
    Record session on Virtual Machine  
    Replay session on Virtual Machine  
    Reset    
    Suspend  
    Test Failover  
    Test restart Secondary VM  
    Turn Off Fault Tolerance  
    Turn On Fault Tolerance  
    Vmware Tools install  
  Inventory    
    Create from existing  
    Create New X
    Move  
    Register X
    Remove X
    Unregister X
  Provisioning    
    Allow Disk Access X
    Allow Read-only Disk Access X
    Allow Virtual Machine Download X
    Allow Virtual Machine Files Upload  
    Clone Template  
    Clone Virtual Machine  
    Create Template from Virtual Machine  
    Customize  
    Deploy Tempate  
    Mark As Template  
    Mark as Virtual Machine  
    Modify Customization Specification  
    Promote disks  
    Read Customization Specifications  
  State    
    Create Snapshot X
    Remove Snapshot X
    Rename Snapshot  
    Revert to Snapshot X
VMware vCenter Update Manager      
  Configure     
    Configure Service  
  Manage Baseline    
    Assign Baseline  
    Manage Baseline  
  Manage Patches and Upgrades    
    Remediate Patches and Upgrades  
    Scan Patches and Upgrades  
    Stage Patches  
    View Compliance Status  
 
VMware recommendations as of VDDK 5.5:



Legacy ID



354813


Article URL http://www.symantec.com/docs/TECH130493


Terms of use for this information are found in Legal Notices