Powershell and restricted user role

[MPIDR]

Hi,

We would like to collect VBR backup statistics using Powershell on the VBR server itself and then copy the results file to another machine. The only commands used are Connect-VBRServer, Get-VBRBackup and Get-VBRBackupSession. I thought I could use a Veeam Backup Viewer role service account (non-MFA) for this task. Unfortunately, a Veeam Backup Administrator (!) role service account (non-MFA) is required: "Only users with Veeam Backup Administrator role assigned can use Veeam Backup Powershell Snap-in".

This entirely ruins our security concept (MFA only for all remote sessions) and I was wondering how you are dealing with this challenge.

Best regards,
MPIDR

[david.domask]

Hi @MPIDR,

Regrettably with Powershell that will not be possible at this time. I think our REST API endpoints are what you're hoping for as at least Enterprise Manager has the roles you're needing.

Overview - Veeam Backup REST API Reference
https://helpcenter.veeam.com/docs/backu ... ml?ver=120
Overview - Veeam Backup & Replication REST API Reference
https://helpcenter.veeam.com/docs/backu ... ml?ver=120
https://helpcenter.veeam.com/docs/backu ... ml?ver=120

[MPIDR]

Hi David,

Thanks for confirming this is currently not working. We will now check the REST API you suggested.

If I may, I'd like to add a feature request which allows Veeam Backup Viewers to use Powershell but with a restricted set of GET and other non-invasive commands.

Best regards,
MPIDR

[david.domask]

Glad I could advise, and sure, consider the request submitted)) There are ways you can do this natively with Powershell but it would be at risk of any "knows enough to be dangerous" power users you have maybe recognizing this and working around it:

post456103.html#p456103

So there are some options via either REST API or you can use native PS profiles like I shared in the above post.