vCenter Server privileges required for the Data Protection for VMware vSphere GUI and data mover

Product Documentation

Abstract

The vCenter Server ID that you enter to log in to the Data Protection for VMware vSphere GUI and data mover must have the correct VMware privileges.

Content

The vCenter Server ID that you enter to log in to the Data Protection for VMware vSphere GUI must have the correct privileges to view the VMware data centers. Similarly, when prompted by the GUI configuration wizard to enter the vCenter Server credentials, the user ID must have the correct privileges assigned. The privileges are verified by the wizard and this value is saved to the profile file.

The user ID that signs in to the Data Protection for VMware vSphere GUI must have the same privileges as the user ID for the data mover (with the exception of privileges for vSphere tagging). The privileges that are required for both the Data Protection for VMware vSphere GUI and data mover are shown in Table 1.

If you want to use the vSphere tagging feature, the user ID for the data mover on which tagging support is enabled must have additional VMware privileges. These privileges are shown in Table 2. Support for vSphere tagging was added in Data Protection for VMware Version 7.1.6. For more information about tagging, see the "Enabling tagging support" topic in the Data Protection for VMware Knowledge Center for your release (Version 7.1.6 or later).

If single sign-on is used for the vCenter Server login, you must assign the user to a minimum of the Read Only role at the vCenter level to read the SSO address that is specified by config.vpxd.sso.sts.uri setting. If SSO is not used, you can use the testflag VM_DISABLE_SSO_LOGIN to disable the SSO login and this configuration is not required.

The user must be assigned to a role with the following privileges for any objects that you want to back up:

Table 1: Required privileges for the Data Protection for VMware vSphere GUI and data mover for vSphere 7 and 8

vCenter Server Object/Required Privilege	Data Protection for VMware Versions
Cryptographic operations	8.1.10 and later
Add Disk	X
Direct Access	X
Datacenter	8.1.10 and later
IBM Data Protection	X
Datastore	8.1.10 and later
Allocate space	X
Browse datastore	X
Low-level file operations	X
Extension	8.1.10 and later
Register extension	X
Unregister extension	X
Update extension	X
Global	8.1.10 and later
Cancel task	X
Configure IBM Data Protection	X
Disable methods	X
Enable methods	X
Licenses	X
Log event	X
Manage custom attributes	X
Set custom attribute	X
Host > Configuration	8.1.10 and later
Storage partition configuration	X
vSphere Tagging	8.1.10 and later
Assign or Unassign vSphere Tag	X
Assign or Unassign vSphere Tag on Object	X
Create vSphere Tag	X
Create vSphere Tag Category	X
Delete vSphere Tag	X
Delete vSphere Tag Category	X
Edit vSphere Tag	X
Edit vSphere Tag Category	X
Modify UsedBy Field For Category	X
Modify UsedBy Field For Tag	X
Network	8.1.10 and later
Assign network	X
Resource	8.1.10 and later
Assign virtual machine to resource pool	X
Migrate powered off virtual machine	X
Migrate powered on virtual machine	X
Tasks	8.1.10 and later
Create Task	X
Update Task	X
vApp	8.1.10 and later
Add virtual machine	X
Assign resource pool	X
Create	X
Virtual machine > Change Configuration	8.1.10 and later
Acquire disk Lease	X
Add existing disk	X
Add new disk	X
Add or remove device	X
Advanced configuration	X
Change CPU count	X
Change Memory	X
Change Settings	X
Change Swapfile placement	X
Change resource	X
Configure Host USB device	X
Configure Raw device	X
Modify device settings	X
Reload from path	X
Remove disk	X
Rename	X
Reset guest information	X
Set annotation	X
Toggle disk change tracking	X
Upgrade virtual machine compatibility	X
Virtual Machine > Edit Inventory	8.1.10 and later
Create new	X
Register	X
Remove	X
Unregister	X
Virtual machine > Guest operations	8.1.10 and later
Guest Operation Modifications	X
Guest Operation Program Execution	X
Guest Operation Queries	X
Virtual machine > Interaction	8.1.10 and later
Power Off	X
Power On	X
Virtual machine > Provisioning	8.1.10 and later
Allow disk access	X
Allow read-only disk access	X
Allow virtual machine download	X
Clone virtual machine	X
Mark as template	X
Virtual machine > Snapshot management	8.1.10 and later
Create snapshot	X
Remove Snapshot	X
Rename Snapshot	X
Revert to snapshot	X

Table 2: Required privileges for the Data Protection for VMware vSphere GUI and data mover for vSphere 6.x

Note: Starting with Version 8.1.10, vSphere 6.0 is no longer supported.

vCenter Server Object/Required Privilege				Data Protection for VMware Versions
Cryptographic operations	8.1.10 and later	8.1.9	8.1.8	8.1.7	8.1.6	8.1.4	8.1.2	8.1.0	7.1.8	7.1.6	7.1.4	7.1.3	7.1.2	7.1.1	7.1.0
Add Disk	X	X	X	X	X
Direct Access	X	X	X	X	X
Datacenter	8.1.10 and later	8.1.9	8.1.8	8.1.7	8.1.6	8.1.4	8.1.2	8.1.0	7.1.8	7.1.6	7.1.4	7.1.3	7.1.2	7.1.1	7.1.0
IBM Data Protection	X	X	X	X	X	X	X	X	X	X
Datastore	8.1.10 and later	8.1.9	8.1.8	8.1.7	8.1.6	8.1.4	8.1.2	8.1.0	7.1.8	7.1.6	7.1.4	7.1.3	7.1.2	7.1.1	7.1.0
Allocate space	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Browse datastore	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Low-level file operations	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Extension	8.1.10 and later	8.1.9	8.1.8	8.1.7	8.1.6	8.1.4	8.1.2	8.1.0	7.1.8	7.1.6	7.1.4	7.1.3	7.1.2	7.1.1	7.1.0
Register extension	X	X	X	X	X	X	X	X	X	X	X	X	X
Unregister extension	X	X	X	X	X	X	X	X	X	X	X	X	X
Update extension	X	X	X	X	X	X	X	X	X	X	X	X	X
Global	8.1.10 and later	8.1.9	8.1.8	8.1.7	8.1.6	8.1.4	8.1.2	8.1.0	7.1.8	7.1.6	7.1.4	7.1.3	7.1.2	7.1.1	7.1.0
Cancel task	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Configure IBM Data Protection	X	X	X	X	X	X	X	X	X	X
Disable methods	X	X	X	X	X	X	X
Enable methods	X	X	X	X	X	X	X
Licenses	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Log event	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Manage custom attributes	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Set custom attribute	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Host > Configuration	8.1.10 and later	8.1.9	8.1.8	8.1.7	8.1.6	8.1.4	8.1.2	8.1.0	7.1.8	7.1.6	7.1.4	7.1.3	7.1.2	7.1.1	7.1.0
Storage partition configuration	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Network	8.1.10 and later	8.1.9	8.1.8	8.1.7	8.1.6	8.1.4	8.1.2	8.1.0	7.1.8	7.1.6	7.1.4	7.1.3	7.1.2	7.1.1	7.1.0
Assign network	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Resource	8.1.10 and later	8.1.9	8.1.8	8.1.7	8.1.6	8.1.4	8.1.2	8.1.0	7.1.8	7.1.6	7.1.4	7.1.3	7.1.2	7.1.1	7.1.0
Assign virtual machine to resource pool	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Migrate powered off virtual machine	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Migrate powered on virtual machine	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Tasks	8.1.10 and later	8.1.9	8.1.8	8.1.7	8.1.6	8.1.4	8.1.2	8.1.0	7.1.8	7.1.6	7.1.4	7.1.3	7.1.2	7.1.1	7.1.0
Create Task	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Update Task	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Virtual machine > Configuration	8.1.10 and later	8.1.9	8.1.8	8.1.7	8.1.6	8.1.4	8.1.2	8.1.0	7.1.8	7.1.6	7.1.4	7.1.3	7.1.2	7.1.1	7.1.0
Add existing disk	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Add new disk	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Add or remove device	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Advanced configuration	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Change CPU count	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Change resource	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Toggle Disk change tracking	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Acquire Disk Lease	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Configure Host USB device	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Change Memory	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Modify device settings	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Configure Raw device	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Reload from path	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Remove disk	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Rename	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Reset guest information	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Set annotation	X	X	X	X	X	X	X	X
Change Settings	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Change Swapfile placement	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Upgrade virtual hardware (vSphere 5.1 and 5.5) Upgrade virtual machine compatibility (vSphere 6.0)	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Virtual machine > Guest operations	8.1.10 and later	8.1.9	8.1.8	8.1.7	8.1.6	8.1.4	8.1.2	8.1.0	7.1.8	7.1.6	7.1.4	7.1.3	7.1.2	7.1.1	7.1.0
Guest Operation Modifications	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Guest Operation Program Execution	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Guest Operation Queries	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Virtual machine > Interaction	8.1.10 and later	8.1.9	8.1.8	8.1.7	8.1.6	8.1.4	8.1.2	8.1.0	7.1.8	7.1.6	7.1.4	7.1.3	7.1.2	7.1.1	7.1.0
Power Off	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Power On	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Virtual machine > Inventory	8.1.10 and later	8.1.9	8.1.8	8.1.7	8.1.6	8.1.4	8.1.2	8.1.0	7.1.8	7.1.6	7.1.4	7.1.3	7.1.2	7.1.1	7.1.0
Create new	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Register	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Remove	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Unregister	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Virtual machine > Provisioning	8.1.10 and later	8.1.9	8.1.8	8.1.7	8.1.6	8.1.4	8.1.2	8.1.0	7.1.8	7.1.6	7.1.4	7.1.3	7.1.2	7.1.1	7.1.0
Allow disk access	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Allow read-only disk access	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Allow virtual machine download	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Clone virtual machine	X	X	X	X	X	X	X
Mark as template	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Virtual machine > State (vSphere 5.1 and 5.5) Virtual machine > Snapshot management (vSphere 6.0)	8.1.10 and later	8.1.9	8.1.8	8.1.7	8.1.6	8.1.4	8.1.2	8.1.0	7.1.8	7.1.6	7.1.4	7.1.3	7.1.2	7.1.1	7.1.0
Create snapshot	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Remove Snapshot	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Rename Snapshot	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Revert to snapshot	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
vApp	8.1.10 and later	8.1.9	8.1.8	8.1.7	8.1.6	8.1.4	8.1.2	8.1.0	7.1.8	7.1.6	7.1.4	7.1.3	7.1.2	7.1.1	7.1.0
Add virtual machine	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Assign resource pool	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Create	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X

Table 3: Required tagging privileges for the data mover

These privileges must be set at the vCenter Server root level.

vCenter Server Object/Required Privilege			Data Protection for VMware Versions
Inventory Service > vSphere Tagging	8.1.10 and later	8.1.9	8.1.8	8.1.7	8.1.6	8.1.4	8.1.2	8.1.0	7.1.8	7.1.6
Assign or Unassign vSphere Tag	X	X	X	X	X	X	X	X	X	X
Create vSphere Tag	X	X	X	X	X	X	X	X	X	X
Create vSphere Tag Category	X	X	X	X	X	X	X	X	X	X
Delete vSphere Tag	X	X	X	X	X	X	X	X	X	X
Delete vSphere Tag Category	X	X	X	X	X	X	X	X	X	X
Modify UsedBy Field For Tag	X	X	X	X	X	X	X	X	X	X
Modify UsedBy Field For Category	X	X	X	X	X	X	X	X	X	X
Edit vSphere Tag	X	X	X	X	X
Edit vSphere Tag Category	X	X	X	X	X

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSERB6","label":"IBM Spectrum Protect for Virtual Environments"},"Component":"--","Platform":[{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"7.1;8.1","Edition":"All Editions","Line of Business":{"code":"LOB26","label":"Storage"}}]

Tips

vCenter Server privileges required for the Data Protection for VMware vSphere GUI and data mover

Product Documentation

Abstract

Content

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?