When you configure the VMware vCenter client, you must provide the user account credentials for the vCenter. Later, you can change the user account at the instance level.
The vCenter user account must have permissions on the vCenter, datacenter, ESX server, and virtual machine levels for any virtual machines to be backed up and restored. The backup for a virtual machine fails if the user does not have permission on the vCenter, datacenter, and ESX server where the virtual machine resides.
You can restrict a user account to a specific entity as described in Adding a Custom User with Limited Scope; but the user must also have permissions for all parent objects of the entity. For example, if you assign a user account with permissions on an ESX server, then you must also assign give that user with permissions on the vCenter and datacenter. If you select the option to propagate permissions to all child objects, the user can back up all virtual machines on the ESX server.