This article lists the supported backup and restore privileges. The user permissions can be viewed on the VMware vSphere Web Client. For more information, see vSphere Permissions and User Management Tasks and Managing Permissions for vCenter Components.
Users with the following backup and restore privileges are supported.
Backup and restore privileges for vCenter and ESXi
Category | Permission Name | Permission ID | Permission Description |
Datastore | Allocate space | Datastore.AllocateSpace | Allocate space. |
Datastore | Browse datastore | Datastore.Browse | Browse a datastore.โ |
Datastore | Low level file operations | Datastore.FileManagement | Perform low level file operations on a datastore. |
Datastore | Update virtual machine files | Datastore.UpdateVirtualMachineFiles | Update virtual machine files on a datastore. |
Global | Disable methods | Global.DisableMethods | Operations are disabled in vCenter. |
Global | Enable methods | Global.EnableMethods | Operations are enabled in vCenter. |
Global | Licenses | Global.Licenses | Manage licenses. |
Global | Set custom attribute | Global.SetCustomField | Set the value of a custom attribute on an object. |
Global | Manage custom attributes | Global.ManageCustomFields | Add, remove, and rename custom attribute definitions. |
Global | Storage partition configuration | Host.Config.Storage | Storage, host datastore, and diagnostic partition configuration. |
Network | Assign network | Network.Assign | Assign network to virtual machine, host service console, VMkernel virtual NIC or physical NIC. |
Resources | Assign virtual machine to resource pool | Resource.AssignVMToPool | Assign a virtual machine to a resource pool |
Virtual Machine - Inventory | Create new | VirtualMachine.Inventory.Create | Create a new virtual machine or template |
Virtual Machine - Inventory | Register | VirtualMachine.Inventory.Register | Add an existing virtual machine to the inventory |
Virtual Machine - Inventory | Remove | VirtualMachine.Inventory.Delete | Remove a virtual machine. |
Virtual Machine - Inventory | Unregister | VirtualMachine.Inventory.Unregister | Unregister a virtual machine. |
Virtual Machine - Provisioning | Allow disk access | VirtualMachine.Provisioning.DiskRandomAccess | Allow random access to disk files through a separate NFC connection. |
Virtual Machine - Provisioning | Allow read-only disk access | VirtualMachine.Provisioning.DiskRandomRead | Allow read-only random access to disk files through a separate NFC connection. |
Virtual Machine - Provisioning | Allow virtual machine download | VirtualMachine.Provisioning.GetVmFiles | Allow download of virtual machines (used by provisioning operations). |
Virtual Machine - Provisioning | Clone virtual machine | VirtualMachine.Provisioning.Clone | Clone a virtual machine. |
Virtual Machine - Guest Operations | Guest operation modifications | VirtualMachine.GuestOperations.Modify | Modifications in a virtual machine guest operating system. |
Virtual Machine - Guest Operations | Guest operation program execution | VirtualMachine.GuestOperations.Execute | Running processes in a virtual machine guest operating system. |
Virtual Machine - Guest Operations | Guest operation queries | VirtualMachine.GuestOperations.Query | Queries in a virtual |
Virtual Machine - Interaction | Connect devices | VirtualMachine.Interact.DeviceConnection | Connect/disconnect media and network devices. |
Virtual Machine - Interaction | Power on | VirtualMachine.Interact.PowerOn | Power on or resume a virtual machine. |
Virtual Machine - Interaction | Power off | VirtualMachine.Interact.PowerOff | Power off a virtual machine. |
Virtual Machine - Configuration | Add existing disk | VirtualMachine.Config.AddExistingDisk | Browse for and attach an existing virtual disk. |
Virtual Machine - Configuration | Add new disk | VirtualMachine.Config.AddNewDisk | Create and attach a new virtual disk. |
Virtual Machine - Configuration | Add or remove device | VirtualMachine.Config.AddRemoveDevice | Add or remove virtual devices. |
Virtual Machine - Configuration | Advanced configuration | VirtualMachine.Config.AdvancedConfig | Make advanced configuration changes. |
Virtual Machine - Configuration | Change resource | VirtualMachine.Config.Resource | Change virtual machine resource allocations. |
Virtual Machine - Configuration | Toggle disk change tracking | VirtualMachine.Config.ChangeTracking | Enable or disable change tracking for the virtual machine's disks. |
Virtual Machine - Configuration | Acquire disk lease | VirtualMachine.Config.DiskLease | Lease disks for disk manager. |
Virtual Machine - Configuration | Remove disk | VirtualMachine.Config.RemoveDisk | Detach and optionally remove a virtual disk. |
Virtual Machine - Configuration | Configure Raw device | VirtualMachine.Config.RawDevice | Virtual machine raw device configuration. |
Virtual Machine - Configuration | Change Settings | VirtualMachine.Config.Settings | Change virtual machine settings |
Virtual Machine - Configuration | Update CPU | VirtualMachine.Config.CPUCount | Change CPU count |
Virtual Machine - Configuration | Update RAM | VirtualMachine.Config.Memory | Update memory |
Virtual Machine - Configuration | Upgrade virtual machine | VirtualMachine.Config.UpgradeVirtualHardware | Upgrade virtual machine compatibility |
Virtual Machine - Snapshot management | Create snapshot | VirtualMachine.State.CreateSnapshot | Create a snapshot. |
Virtual Machine - Snapshot management | Remove snapshot | VirtualMachine.State.RemoveSnapshot | Remove a snapshot. |
Virtual Machine - Snapshot management | Revert to snapshot | VirtualMachine.State.RevertToSnapshot | Make a snapshot current |
Virtual Machine - Instant Restore and Migration | Storage partition configuration | Host.Config.Storage | Storage, host datastore, and diagnostic partition configuration. |
Virtual Machine - Instant Restore and Migration | Migrate powered off virtual machine | Resource.ColdMigrate | Migrate a powered off virtual machine. |
Virtual Machine - Instant Restore and Migration | Migrate powered on virtual machine | Resource.HotMigrate | Migrate a powered on virtual machine. |
App Privileges | Import | vApp.Import | Import vApp. |
Cryptographic operations | Direct Access | Cryptographer.Access | Allows access to encrypted resources. Users can export virtual machines, have NFC access to virtual machines, and open a console session to an encrypted virtual machine.
Note that this permission is required only if you have enabled Virtual Trusted Platform Module (vTPM) for a VM. For more information on vTPM, see article. |