VMware Cloud Community
faziz
Contributor
Contributor
‎10-07-2023 11:26 PM

User permission for 3rd party

we have ESXi we need to take backup for VMs using 3rd party tool such as Veeam or veritas but they need user account with full privileges to do this backup, how i can give him this permission and in same time protect my VM from misuse by them in case such as how i make sure they will not misuse that user to remove VM/Disk of any VM

0 Kudos
4 Replies
scott28tt
VMware Employee
VMware Employee
‎10-08-2023 12:04 AM

Free ESXi or paid for licensed ESXi? It matters: https://forums.veeam.com/vmware-vsphere-f24/can-you-backup-vms-on-esxi-7-free-license-using-vbr-comm...

This article says you need root privileges for ESXi with no vCenter Server: https://helpcenter.veeam.com/docs/backup/permissions/installation.html?ver=120

-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog
faziz
Contributor
Contributor
‎10-08-2023 02:28 AM

yes, I will give them root privileges, but how I can guarantee they will not misuse this account like remove or delete VM. 

0 Kudos
battybishop
Hot Shot
Hot Shot
‎10-08-2023 03:36 AM

The only option for a least privilege approach is by using vCenter otherwise it is root privileges on standalone ESXi and then you will have to monitor logs.

a_p_
Leadership
Leadership
‎10-08-2023 03:39 AM

The permissions are granted to the application only, i.e. not to Veeam (the company) itself.
Taking into account that Veeam has been on the market for many years, and will for sure not lose its reputation, I wouldn't be concerned too much.

No matter which backup application you use, all of them require elevated permission to backup and restore VMs.

André