I have been testing with the new release of VAW. With the servers I am testing, they are all currently backing up to a VBR repository.
It appears that local administrators on the servers that are being backed up have the capability to start backups and restores. Is there a way to control who has the ability to kick off backups and restores? I care less about the ability they have to start a backup, but we tightly control who has the ability to restore something, and we don't want a user to be able to restore something (just because they are a local admin on that server) without going through the proper channels first.
More alarmingly, it looks those same users have the ability to choose to restore something from any other server being backed up by VAW and stored on our VBR repository. For example, a local admin on APPSERVER1 could choose to restore a file, and then in the File Restore Wizard they can click on the "Backup" tab and see and choose from the other VAW servers, including DC1, a domain controller we are backing up that the user otherwise has no access to. That user can then restore files from the DC1 backup using APPSERVER1.
Are there any controls that we have so that users are not able to do any of this unless they are a Veeam administrator?