In vSphere, create a user role with privileges that are required for performing backup operations against for the management virtual machines in vSphere Data Protection in Region A. 

Procedure

  1. Log in to vCenter Server by using the vSphere Web Client.
    1. Open a Web browser and go to https://mgmt01vc01.sfo01.rainpole.local/vsphere-client.
    2. Log in using the following credentials.

      Setting

      Value

      User name

      administrator@vsphere.local

      Password

      vsphere_admin_password

  2. On the Home page of the vSphere Web Client, select Roles under Administration.
  3. Create a new role for managing backups.
    1. On the Roles page, click the Create role action icon.
    2. In the Create Role dialog box, configure the role using the following configuration settings, and click OK.

      Setting

      Value

      Role name

      vSphere Data Protection User

      Privilege

      • Alarms.Create Alarm

      • Alarms.Modify Alarms

      • Datastore.Allocate space

      • Datastore.Browse datastore

      • Datastore.Configure datastore

      • Datastore.Low level file operations

      • Datastore.Move datastore

      • Datastore.Remove datastore

      • Datastore.Remove file

      • Datastore.Rename datastore

      • Extension.Register extension

      • Extension.Update extensions

      • Folder.Create folder

      • Global.Cancel task

      • Global.Disable methods

      • Global.Enable methods

      • Global.Licenses

      • Global.Log event

      • Global.Manage custom attributes

      • Global.Settings

      • Network.Assign network

      • Network.Configure

      • Resource.Assign virtual machine to resource pool

      • Session.Validate session

      • Tasks.Create task

      • Tasks.Update task

      • Virtual Machine.Configuration.Add existing disk

      • Virtual Machine.Configuration.Add new disk

      • Virtual Machine.Configuration.Add or remove device

      • Virtual Machine.Configuration.Advanced

      • Virtual Machine.Configuration.Change cpu count

      • Virtual Machine.Configuration.Change resource

      • Virtual Machine.Configuration.Disk change tracking

      • Virtual Machine.Configuration.Disk lease

      • Virtual Machine.Configuration.Extend virtual disk

      • Virtual Machine.Configuration.Host use device

      • Virtual Machine.Configuration.Memory

      • Virtual Machine.Configuration.Modify device setting

      • Virtual Machine.Configuration.Raw device

      • Virtual Machine.Configuration.Reload from path

      • Virtual Machine.Configuration.Remove disk

      • Virtual Machine.Configuration.Rename

      • Virtual Machine.Configuration.Reset guest information

      • Virtual Machine.Configuration.Set annotation

      • Virtual Machine.Configuration.Settings

      • Virtual Machine.Configuration.Swapfile placement

      • Virtual Machine.Configuration.Upgrade virtual machine compatibility

      • Virtual Machine.Guest Operations.Guest Operation Modifications

      • Virtual Machine.Guest Operations.Guest Operations Program execution

      • Virtual Machine.Guest Operations.Guest Operation Queries

      • Virtual Machine.Interaction.Console interaction

      • Virtual Machine.Interaction.Device connection

      • Virtual Machine.Interaction.Guest operating system management by VIX API

      • Virtual Machine.Interaction.Power off

      • Virtual Machine.Interaction.Power on

      • Virtual Machine.Interaction.Reset

      • Virtual Machine.Interaction.ViMware tools install

      • Virtual Machine.Inventory.Create new

      • Virtual Machine.Inventory.Register

      • Virtual Machine.Inventory.Remove

      • Virtual Machine.Inventory.Unregister

      • Virtual Machine.Provisioning.Allow disk access

      • Virtual Machine.Provisioning.Allow read-only disk access

      • Virtual Machine.Provisioning.Allow virtual machine download

      • Virtual Machine.Provisioning.Mark as template

      • Virtual Machine.Snapshot management.Create snapshot

      • Virtual Machine.Snapshot management.Remove snapshot

      • Virtual Machine.Snapshot management.Revert snapshot

      • vApp.Export

      • vApp.Import

      • vApp.vApp application configuration

      This role inherits the System > Anonymous System > View, and System > Read permissions. 

  4. The Management vCenter Server for Region A propagates the role to the other linked vCenter Server instances.