VMware Cloud Community
WarlockArg
Enthusiast

Needed privileges for Veeam user

Hi, I'm having problems restricting the Veeam user's privileges so as not to give it administrator permissions. I have created a new role named "Veeam Backup" where I added all the documented privileges that are needed for a Veeam user to perform all the activities it needs. These privileges are documented by Veeam at https://helpcenter.veeam.com/docs/backup/permissions/cumulativepermissions.html?ver=120.

First of all, I had problems because Veeam couldn't do anything, and I realized that the Veeam user needs the task privileges, which are not documented on the site I mentioned. But now I'm having problems with replicas. There is a privilege, or a set of privileges, needed on the destination ESXi in order for Veeam to be able to perform replicas. The problem is I don't know how to identify which privilege or privileges are needed. But when I assign the administrator role to the user that is used by Veeam, everything works fine. So I know it's a permission issue, but I'm not able to identify which privileges those are.
Is there any way to identify which privilege is needed when you want to perform a certain task? I looked at the log file on the ESXi when I ran the replica job to see if I could work out what task Veeam is trying to perform, but the error message I found doesn't tell me much. Here is the error in the log file:

 

024-03-07T23:46:49.725Z esxi_hotname Hostd: warning hostd[2101873] [Originator@6876 sub=Vmsvc.vm:/vmfs/volumes/63c9acef-5cb91817-3924-e43d1acd7510/WSWLC_replica_1/WSWLC.vmx opID=6e7cbb6a-59-2aaa user=vpxuser:VSPHERE.LOCAL\veeambkup] File - failed to get objectId, '/vmfs/volumes/63c9acef-5cb91817-3924-e43d1acd7510/WSWLC_replica_1/WSWLC.vmx': Operation not supported (11)


Thanks in advance.

Guido.


0 Kudos
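Added example (not part of any post in this thread): a small Python parser that splits the hostd line quoted in the post above into its fields, so the opID and the user the operation ran for can be pulled out and a host's warnings grouped per operation. The regular expressions are inferred from that one line, the second sample line is constructed, and reading `vpxuser:<name>` as vCenter's host account acting for `<name>` is an assumption.

```python
import re
from collections import defaultdict

# Verbatim from the post (its timestamp already lacks the leading digit).
POSTED = (
    r"024-03-07T23:46:49.725Z esxi_hotname Hostd: warning hostd[2101873] "
    r"[Originator@6876 sub=Vmsvc.vm:/vmfs/volumes/63c9acef-5cb91817-3924-"
    r"e43d1acd7510/WSWLC_replica_1/WSWLC.vmx opID=6e7cbb6a-59-2aaa "
    r"user=vpxuser:VSPHERE.LOCAL\veeambkup] File - failed to get objectId, "
    r"'/vmfs/volumes/63c9acef-5cb91817-3924-e43d1acd7510/WSWLC_replica_1/"
    r"WSWLC.vmx': Operation not supported (11)"
)
# Constructed line: informational, no user= field.
CONSTRUCTED = ("2024-03-07T23:46:50.101Z esxi_hotname Hostd: info hostd[2101873] "
               "[Originator@6876 sub=Libs opID=aaaa0000-01-0001] constructed message")

# Layout inferred from the posted line, not from a format specification.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+Hostd:\s+(?P<level>\w+)\s+"
    r"hostd\[(?P<pid>\d+)\]\s+\[Originator@\d+\s+(?P<kv>[^\]]*)\]\s*(?P<msg>.*)$")
# key=value pairs; a value runs until the next " key=" so paths may hold spaces.
KV_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")

def parse_hostd(line):
    """Return the line's fields as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {k: m.group(k) for k in ("ts", "host", "level", "pid", "msg")}
    rec.update(dict(KV_RE.findall(m.group("kv"))))
    # Assumption: "vpxuser:<name>" = vCenter's host account acting for <name>.
    session, _, acting_for = rec.get("user", "").partition(":")
    rec["session_account"] = session or None
    rec["vcenter_user"] = acting_for or None
    return rec

def warnings_by_operation(lines):
    """Group warning/error messages by (vCenter user, opID)."""
    ops = defaultdict(list)
    for line in lines:
        rec = parse_hostd(line)
        if rec and rec["level"] in ("warning", "error"):
            ops[(rec["vcenter_user"], rec.get("opID"))].append(rec["msg"])
    return dict(ops)

if __name__ == "__main__":
    for key, msgs in warnings_by_operation([POSTED, CONSTRUCTED]).items():
        print(key, msgs)
```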
2 Replies
asturniolo
Contributor

Hey @WarlockArg 

 

Here are the required permissions for Veeam with VMware around replication - https://helpcenter.veeam.com/docs/backup/permissions/replication.html?ver=120

 

 

0 Kudos
WarlockArg
Enthusiast

Hi @asturniolo, I don't know if you read my post carefully, but I said that I configured all the permissions that are documented on the Veeam documentation site that you sent me, but they are not enough. For example, that site doesn't list the task privileges you must allow in order for Veeam to be able to create the different tasks that are needed to take backups or perform replications.
Well, for taking backups, adding those task privileges is enough. But in order to perform replications there are other privileges that are NOT documented, and that doesn't allow Veeam to do them. And I know there is a permissions issue because when I configure the Veeam user with the administrator role everything works OK.

So, my question is: is there any way (looking at some log, or something else) to find out which privilege is needed in order to perform a certain task? Suppose, for example, I want to create a new VM in the inventory. There are a lot of privileges needed to perform that task (for example, assigning new space in the datastore, assigning a VM to a port group, etc.). If you don't know exactly which permissions are needed, vCenter simply shows you an error saying the task couldn't be performed, but it doesn't tell you why, or which privilege was missing. So, is there any way to find out which "that" privilege is?

Kind regards,

Guido.

0 Kudos