In vSphere, create a user role with privileges that are required for performing backup operations against the management virtual machines in vSphere Data Protection for the Consolidated SDDC. 


  1. Log in to vCenter Server by using the vSphere Web Client.
    1. Open a Web browser and go to https://sfo01w01vc01.sfo01.rainpole.local/vsphere-client.
    2. Log in using the following credentials.



      User name




  2. On the Home page of the vSphere Web Client, select Roles under Administration.
  3. Create a new role for managing backups.
    1. On the Roles page, click the Create role action icon.
    2. In the Create Role dialog box, configure the role using the following configuration settings, and click OK.



      Role name

      vSphere Data Protection User


      • Alarms.Create alarm

      • Alarms.Modify alarm

      • Datastore.Allocate space

      • Datastore.Browse datastore

      • Datastore.Configure datastore

      • Datastore.Low level file operations

      • Datastore.Move datastore

      • Datastore.Remove datastore

      • Datastore.Remove file

      • Datastore.Rename datastore

      • Extension.Register extension

      • Extension.Update extension

      • Folder.Create folder

      • Global.Cancel task

      • Global.Disable methods

      • Global.Enable methods

      • Global.Licenses

      • Global.Log event

      • Global.Manage custom attributes

      • Global.Settings

      • Network.Assign network

      • Network.Configure

      • Resource.Assign virtual machine to resource pool

      • Sessions.Validate session

      • Tasks.Create task

      • Tasks.Update task

      • Virtual Machine.Configuration.Add existing disk

      • Virtual Machine.Configuration.Add new disk

      • Virtual Machine.Configuration.Add or remove device

      • Virtual Machine.Configuration.Advanced

      • Virtual Machine.Configuration.Change CPU count

      • Virtual Machine.Configuration.Change resource

      • Virtual Machine.Configuration.Disk change tracking

      • Virtual Machine.Configuration.Disk lease

      • Virtual Machine.Configuration.Extend virtual disk

      • Virtual Machine.Configuration.Host USB device

      • Virtual Machine.Configuration.Memory

      • Virtual Machine.Configuration.Modify device settings

      • Virtual Machine.Configuration.Raw device

      • Virtual Machine.Configuration.Reload from path

      • Virtual Machine.Configuration.Remove disk

      • Virtual Machine.Configuration.Rename

      • Virtual Machine.Configuration.Reset guest information

      • Virtual Machine.Configuration.Set annotation

      • Virtual Machine.Configuration.Settings

      • Virtual Machine.Configuration.Swapfile placement

      • Virtual Machine.Configuration.Upgrade virtual machine compatibility

      • Virtual Machine.Guest Operations.Guest operation modifications

      • Virtual Machine.Guest Operations.Guest operation program execution

      • Virtual Machine.Guest Operations.Guest operation queries

      • Virtual Machine.Interaction.Console interaction

      • Virtual Machine.Interaction.Device connection

      • Virtual Machine.Interaction.Guest operating system management by VIX API

      • Virtual Machine.Interaction.Power off

      • Virtual Machine.Interaction.Power on

      • Virtual Machine.Interaction.Reset

      • Virtual Machine.Interaction.VMware Tools install

      • Virtual Machine.Inventory.Create new

      • Virtual Machine.Inventory.Register

      • Virtual Machine.Inventory.Remove

      • Virtual Machine.Inventory.Unregister

      • Virtual Machine.Provisioning.Allow disk access

      • Virtual Machine.Provisioning.Allow read-only disk access

      • Virtual Machine.Provisioning.Allow virtual machine download

      • Virtual Machine.Provisioning.Mark as template

      • Virtual Machine.Snapshot management.Create snapshot

      • Virtual Machine.Snapshot management.Remove snapshot

      • Virtual Machine.Snapshot management.Revert to snapshot

      • vApp.Export

      • vApp.Import

      • vApp.vApp application configuration

      This role inherits the System > Anonymous System > View, and System > Read permissions. 


The Consolidated vCenter Server propagates the role to other linked vCenter Server instances.