Configuration of User Accounts for VMware
The Virtual Server Agent requires user accounts that have sufficient permissions for the software to:
- Access the vCenter and ESX servers.
- Access virtual machines.
- Access volumes, files, and folders within virtual machines.
- Perform discovery, backup, and restore operations.
When you configure the VMware vCenter client, you must provide the user account credentials for the vCenter. Later, you can change the user account at the instance level.
The vCenter user account must have permissions on the vCenter, datacenter, ESX server, and virtual machine levels for any virtual machines to be backed up and restored. The backup for a virtual machine fails if the user does not have permission on the vCenter, datacenter, and ESX server where the virtual machine resides.
You can restrict a user account to a specific entity as described in Adding a Custom User with Limited Scope; but the user must also have permissions for all parent objects of the entity. For example, if you define a user account with permissions on an ESX server, you must also give that user permissions on the vCenter and datacenter. If you select the option to propagate permissions to all child objects, the user can back up all virtual machines on the ESX server.
Users can also be assigned permissions and ownership that enable them to browse and restore backed up data for virtual machines.
|Specify a vCenter user account for the VMware instance||Changing vCenter Credentials|
|Set required permissions for vCenter custom user accounts||Permissions for Custom User Accounts|
|Restrict a user account to a specific entity||Adding a Custom User with Limited Scope|
|Configure ownership and permissions to support recovery of virtual machine data as needed for each user interface.||Ownership and Permissions for Virtual Machine Recovery|