Host-based backup of VMware vSphere VMs.
VeaamGuy
Influencer
Posts: 21
Liked: never
Joined: Oct 19, 2015 4:11 am
Full Name: Rushad Irani
Contact:

[ID# 01232862] User can change his access without permission

Post by VeaamGuy »

Hi guys,
For Veeam Enterprise Manager installed on the same server as Veeam Backup and Replication, a local admin on the Veeam server shouldn't necessarily have access to change his portal permissions from operator to administrator.
This is a security risk, as a system admin may not necessarily be the backup admin.

Any quick fix for the above?

Cheers.
veremin
Product Manager
Posts: 20284
Liked: 2258 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: [ID# 01232862] User can change his access without permis

Post by veremin »

But isn't local admin capable of basically everything on that system that has both VB&R and EM installed? Logging to backup console, deleting backup files, restoring necessary data, etc. (way more than a backup admin can do). Thanks.
VeaamGuy

Re: [ID# 01232862] User can change his access without permis

Post by VeaamGuy »

Bringing OS-level access into the backup application is a bit risky.

Let's look at the bigger picture: in a 5000+ organisation, a person with an admin role on the OS side of Veeam might not be privileged to private information stored on some VMs, so even though he might have access to delete the backup, that is still better than giving him the loophole to restore the encrypted backup files somewhere to get access to that privileged information.

Kind Regards,
Rushad.
VeaamGuy

Re: [ID# 01232862] User can change his access without permis

Post by VeaamGuy »

v.Eremin wrote: But isn't local admin capable of basically everything on that system that has both VB&R and EM installed? Logging to backup console, deleting backup files, restoring necessary data, etc. (way more than a backup admin can do). Thanks.
Hi guys,
As mentioned above as well, the administrator might not be privileged to some specific VMs, for example an HR system which only HR staff should have access to. I have also raised this in another post, that the restores should ask for password confirmations, which the system doesn't do as of now: vmware-vsphere-f24/improving-security-o ... 31847.html

I hope this is taken into consideration, as this can have a serious impact on the security of the backups.