VMware ESXi Permissions
To limit the use of the ‘administrator’ account for ESXi, you can create a separate service account with restricted permissions. This account can be created at the vCenter or host level. The account can then be used within your backup solution to expose your ESXi infrastructure for backups and restores. The list below shows the permissions needed to back up, administer and restore VMs and clusters for a range of Data Protection utilities.
These are the role permissions that will need to be added:
Datastore
- Allocate space
- Browse datastore
- Low level file operations
- Remove file
Global
- Licenses
- Log event
Host\Inventory
- Modify cluster
Host\Local Operations
- Create virtual machine
- Reconfigure virtual machine
Network
- Assign network
- Configure
Resource
- Assign vApp to resource pool
- Assign virtual machine to resource pool
vApp
- Add virtual machine
- Assign resource pool
- Create
- Delete
- Import
- Move
- Power Off
- Power On
- Rename
Virtual Machine\Configuration
- <Select All>
Virtual Machine\Interaction
- Configure CD media
- Configure floppy media
- Console interaction
- Device connection
- Power Off
- Power On
- VMware Tools install
Virtual Machine\Inventory
- Create new
- Remove
Virtual Machine\Provisioning
- Allow disk access
- Allow read-only disk access
- Allow virtual machine download
- Allow virtual machine files upload
- Clone template
Virtual Machine\Service Configuration
- Modify service configuration
Virtual Machine\Snapshot Management
- <Select All>
Once you have created this role, assign it to your service account to apply the permissions.
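The role creation and assignment described above can be scripted with VMware PowerCLI; the following is an added example, not part of the original article or any vendor's own code. It assumes an existing `Connect-VIServer` session to vCenter; the role name, service account and scope are placeholders, and the privilege IDs are a mapping of the display names listed above that should be confirmed against `Get-VIPrivilege` on your vCenter version.

```powershell
# Added example. Assumes PowerCLI is installed and Connect-VIServer has been run.
$RoleName  = 'Backup-Service-Role'      # placeholder role name
$Principal = 'EXAMPLE\svc-backup'       # placeholder service account
$Scope     = Get-Folder -NoRecursion    # root folder; use a narrower object if your backup scope allows

# Privilege IDs mapped from the display names in the list above (assumed mapping).
$ids = @(
    'Datastore.AllocateSpace', 'Datastore.Browse',
    'Datastore.FileManagement', 'Datastore.DeleteFile',
    'Global.Licenses', 'Global.LogEvent',
    'Host.Inventory.EditCluster',
    'Host.Local.CreateVM', 'Host.Local.ReconfigVM',
    'Network.Assign', 'Network.Config',
    'Resource.AssignVAppToPool', 'Resource.AssignVMToPool',
    'VApp.AssignVM', 'VApp.AssignResourcePool', 'VApp.Create', 'VApp.Delete',
    'VApp.Import', 'VApp.Move', 'VApp.PowerOff', 'VApp.PowerOn', 'VApp.Rename',
    'VirtualMachine.Interact.SetCDMedia', 'VirtualMachine.Interact.SetFloppyMedia',
    'VirtualMachine.Interact.ConsoleInteract', 'VirtualMachine.Interact.DeviceConnection',
    'VirtualMachine.Interact.PowerOff', 'VirtualMachine.Interact.PowerOn',
    'VirtualMachine.Interact.ToolsInstall',
    'VirtualMachine.Inventory.Create', 'VirtualMachine.Inventory.Delete',
    'VirtualMachine.Provisioning.DiskRandomAccess', 'VirtualMachine.Provisioning.DiskRandomRead',
    'VirtualMachine.Provisioning.GetVmFiles', 'VirtualMachine.Provisioning.PutVmFiles',
    'VirtualMachine.Provisioning.CloneTemplate',
    'VirtualMachine.Namespace.ModifyContent'
)

# Fail on the first ID this vCenter does not recognise instead of building a partial role.
$privs = @(Get-VIPrivilege -Id $ids -ErrorAction Stop)

# "<Select All>" groups (Configuration, Snapshot Management): expand by ID prefix
# so the set follows whatever this vCenter version defines.
$privs += Get-VIPrivilege -PrivilegeItem |
    Where-Object { $_.Id -match '^VirtualMachine\.(Config|State)\.' }

$role = New-VIRole -Name $RoleName -Privilege $privs
New-VIPermission -Entity $Scope -Principal $Principal -Role $role -Propagate $true

# Print the effective privilege list for review against the list above.
(Get-VIRole -Name $RoleName).PrivilegeList | Sort-Object
```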