
To limit the use of the 'administrator' account for ESXi, you can create a separate service account with restricted permissions. This account can be created at the vCenter or host level and then used within your backup solution to expose your ESXi infrastructure for backups and restores. The list below covers the permissions needed to back up, administer, and restore VMs and clusters for a range of Data Protection utilities.

These are the role permissions that need to be added:

Datastore

  • Allocate space
  • Browse datastore
  • Low level file operations
  • Remove file

Global

  • Licenses
  • Log event

Host\Inventory

  • Modify cluster

Host\Local Operations

  • Create virtual machine
  • Reconfigure virtual machine

Network

  • Assign network
  • Configure

Resource

  • Assign vApp to resource pool
  • Assign virtual machine to resource pool

vApp

  • Add virtual machine
  • Assign resource pool
  • Create
  • Delete
  • Import
  • Move
  • Power off
  • Power On
  • Rename

Virtual machine\Configuration

  • <Select All>

Virtual Machine\Interaction

  • Configure CD media
  • Configure floppy media
  • Console interaction
  • Device connection
  • Power Off
  • Power On
  • VMware Tools install

Virtual Machine\Inventory

  • Create new
  • Remove

Virtual Machine\Provisioning

  • Allow disk access
  • Allow read-only disk access
  • Allow virtual machine download
  • Allow virtual machine files upload
  • Clone template

Virtual Machine\Service Configuration

  • Modify service configuration

Virtual Machine\Snapshot Management

  • <Select All>

Once you have created the role, assign it to your service account to apply the permissions.
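
The role creation and assignment described above can also be scripted with VMware PowerCLI. This is an added example, not part of the original article: the role name, the account name, and the mapping from the display names above to privilege IDs are assumptions, so confirm the IDs against your vSphere version before relying on it.

```powershell
# Assumes VMware PowerCLI is installed and Connect-VIServer has already been run.
$roleName  = 'Backup-Service'        # hypothetical role name
$principal = 'EXAMPLE\svc-backup'    # constructed placeholder service account

# Privilege IDs assumed to correspond to the individually listed permissions.
$ids = @(
    'Datastore.AllocateSpace', 'Datastore.Browse',
    'Datastore.FileManagement', 'Datastore.DeleteFile',
    'Global.Licenses', 'Global.LogEvent',
    'Host.Inventory.EditCluster',
    'Host.Local.CreateVM', 'Host.Local.ReconfigVM',
    'Network.Assign', 'Network.Config',
    'Resource.AssignVAppToPool', 'Resource.AssignVMToPool',
    'VApp.AssignVM', 'VApp.AssignResourcePool', 'VApp.Create', 'VApp.Delete',
    'VApp.Import', 'VApp.Move', 'VApp.PowerOff', 'VApp.PowerOn', 'VApp.Rename',
    'VirtualMachine.Interact.SetCDMedia', 'VirtualMachine.Interact.SetFloppyMedia',
    'VirtualMachine.Interact.ConsoleInteract', 'VirtualMachine.Interact.DeviceConnection',
    'VirtualMachine.Interact.PowerOff', 'VirtualMachine.Interact.PowerOn',
    'VirtualMachine.Interact.ToolsInstall',
    'VirtualMachine.Inventory.Create', 'VirtualMachine.Inventory.Delete',
    'VirtualMachine.Provisioning.DiskRandomAccess', 'VirtualMachine.Provisioning.DiskRandomRead',
    'VirtualMachine.Provisioning.GetVmFiles', 'VirtualMachine.Provisioning.PutVmFiles',
    'VirtualMachine.Provisioning.CloneTemplate',
    'VirtualMachine.Namespace.ModifyContent'
)
# Categories marked <Select All>: Configuration and Snapshot Management.
$prefixes = 'VirtualMachine.Config.', 'VirtualMachine.State.'

$all = Get-VIPrivilege -PrivilegeItem

# Stop if any listed ID is unknown to this server, so the role is never
# created with a permission silently missing.
$missing = $ids | Where-Object { $_ -notin $all.Id }
if ($missing) { throw "Unknown privilege IDs: $($missing -join ', ')" }

# Keep only the listed IDs plus everything under the <Select All> prefixes.
$privs = @($all | Where-Object {
    $id = $_.Id
    ($ids -contains $id) -or ($prefixes | Where-Object { $id.StartsWith($_) })
})

$role = New-VIRole -Name $roleName -Privilege $privs
# Assign at the root folder and propagate to child objects; narrow the
# entity if the backup account only needs part of the inventory.
New-VIPermission -Entity (Get-Folder -NoRecursion) -Principal $principal `
    -Role $role -Propagate:$true
```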