Check User Permissions

Attention

Starting with version 12.8.0 of Bacula Enterprise, it is possible to use bconsole to query vSphere and see if a user has all required permissions to perform backups and restores.

Example

[root@localhost bin]# ./bconsole
Connecting to Director localhost:9101
1000 OK: 10002 localhost-dir Version: 12.6.1 (05 March 2021)
Enter a period to cancel a command.
*.query client=localhost-fd plugin="vsphere: server=vcenter_192_168_0_8" parameter=permissions
missing=VirtualMachine.Provisioning.DiskRandomAccess
missing=VirtualMachine.Provisioning.DiskRandomRead
missing=VirtualMachine.Provisioning.FileRandomAccess
missing=VirtualMachine.Provisioning.GetVmFiles
missing=VirtualMachine.State.CreateSnapshot
missing=VirtualMachine.State.RemoveSnapshot
missing=VirtualMachine.State.RenameSnapshot
missing=VirtualMachine.State.RevertToSnapshot
missing=VirtualMachine.Interact.PowerOff
missing=VirtualMachine.Interact.PowerOn
...

If the list is not empty, each permission reported as missing must be configured properly for that user.

Note

In addition to the above bconsole command, you can also use the vsphere-ctl command to check the permissions of the current user on the vCenter system and diagnose any issues:

/opt/bacula/bin/vsphere-ctl query list_missing_permissions
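The check above can be turned into a preflight gate. The following is an added example, not part of the Bacula documentation or tooling: it groups the missing= lines by privilege group and returns a non-zero status when anything is missing. The function names are hypothetical, the sample input is constructed from the bconsole session above, and it is an assumption that vsphere-ctl prints the same missing= lines.

```shell
#!/bin/sh
# Added example: summarise "missing=" lines from the permissions query.

# Constructed sample input, shortened from the bconsole session shown above.
sample_output() {
cat <<'EOF'
Connecting to Director localhost:9101
*.query client=localhost-fd plugin="vsphere: server=vcenter_192_168_0_8" parameter=permissions
missing=VirtualMachine.Provisioning.DiskRandomAccess
missing=VirtualMachine.Provisioning.DiskRandomRead
missing=VirtualMachine.State.CreateSnapshot
missing=VirtualMachine.Interact.PowerOff
...
EOF
}

# Reads query output on stdin and prints one line per privilege group:
#   <group> <count> <privilege>,<privilege>,...
# Exit status: 0 when nothing is missing, 1 when at least one privilege is.
summarize_missing() {
    awk -F= '
        /^missing=/ {
            id = $2
            sub(/\r$/, "", id)                 # tolerate CRLF in captured sessions
            if (id == "" || seen[id]++) next   # skip empty and duplicate entries
            group = id; sub(/\.[^.]*$/, "", group)   # drop the last component
            leaf = id;  sub(/^.*\./, "", leaf)       # keep only the last component
            if (!(group in count)) order[++n] = group
            count[group]++
            list[group] = list[group] (list[group] == "" ? "" : ",") leaf
        }
        END {
            for (i = 1; i <= n; i++)
                printf "%s %d %s\n", order[i], count[order[i]], list[order[i]]
            exit (n > 0)
        }'
}

# Demo on the constructed sample; banner, command and "..." lines are ignored.
sample_output | summarize_missing || echo "role is missing privileges" >&2
```

To gate a backup schedule on a real system, pipe the output of either command shown above into summarize_missing and act on its exit status.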

The following privileges can be allocated to a role and assigned to a Bacula user to perform vStorage backups and restores. These are the minimum required permissions that have been found to be sufficient in the tests performed by Bacula Systems for a basic vSphere environment.

This list may change in the future. The permissions are best propagated downwards from the root level of vSphere. Additional privileges might be required if advanced features are in use.

Set the following permissions in your vSphere/vCenter environment:

Privilege level, followed by its permissions

Datastore

  • Allocate space

  • Browse Datastores

  • Configure Datastores

  • Low level file operations

  • Remove File

  • Update virtual machine Files

Distributed Virtual Switch

  • Host operation

Folder

  • Create Folder

Global

  • Cancel Task

  • Disable Methods

  • Enable Methods

  • Licenses

  • Log Event

  • Manage Custom Attributes

  • Set Custom Attributes

  • Settings

Host: Configuration

  • Advanced Settings

  • Storage Partition Configuration

Host: Local Operations

  • Create Virtual Machine

  • Delete Virtual Machine

  • Reconfigure virtual machine

Network

  • Assign Network

Resource

  • Assign Vapp to resource pool

  • Assign Virtual Machine to resource pool

  • Query Vmotion

Tasks

  • Create task

  • Update task

vApp

  • Add virtual machine

  • Assign virtual machine

  • Create

  • Export

  • Import

  • vApp application configuration

  • vApp instance configuration

  • vApp resource configuration

  • View OVF Environment

Virtual Machine: Configuration

  • Add Existing Disk

  • Add New Disk

  • Add or Remove Device

  • Advanced

  • Change CPU Count

  • Change Resource

  • Disk change tracking

  • Disk Lease

  • Host USB Device

  • Modify Device Settings

  • Raw Device

  • Reload from path

  • Remove Disk

  • Rename

  • Reset Guest Information

  • Memory

  • Settings

  • Swap Placement

  • Upgrade Virtual Hardware

Virtual Machine: Inventory

  • Create New

  • Register

  • Remove

  • Unregister

Virtual Machine: Provisioning

  • Allow Disk Access

  • Allow Read-only Disk Access

  • Allow Virtual Machine Download

  • Create Template from Virtual Machine

  • Deploy Template

  • Read Customization Specifications

Virtual Machine: State

  • Create Snapshot

  • Remove Snapshot

  • Revert to Snapshot
