VBR "users and role" utility

VMware specific discussions

VBR "users and role" utility

Veeam Logoby casaubon » Fri May 04, 2012 9:33 am

Hello,

does anyone use users with the "tools > users and roles" utility ?

i don't understand how it works : i tried to grant a local user VBR6SRV\test with for example the operator role but when i connect to the VBR server (mstsc) with this user:
- I cannot open the VBR console, it's asking me the administrator password
- I cannot use the PowerShell cmdlet as it doesn't work if the user don't have admin right

you will find here the PS error :
Code: Select all
PS C:\Users\test> Add-PSSnapin VeeamPSSnapIn
PS C:\Users\test>
PS C:\Users\test> Get-VBRBackup
Get-VBRBackup : SQL server is not available
At line:1 char:14
+ Get-VBRBackup <<<<
    + CategoryInfo          : InvalidOperation: (Veeam.Backup.Po...nd.GetVBRBackup:GetVBRBackup) [Get-VBRBackup], CApp
   Exception
    + FullyQualifiedErrorId : Backup,Veeam.Backup.PowerShell.Command.GetVBRBackup


so does it make a sense to use this feature ?

Thx for your help !
casaubon
Novice
 
Posts: 7
Liked: never
Joined: Thu Jan 26, 2012 3:54 pm
Full Name: Antoine

Re: VBR "users and role' utility

Veeam Logoby foggy » Fri May 04, 2012 10:09 am

Hello, Antoine. The local user you are assigning the operator role to should have access to the Veeam SQL database to be able to open console and perform any actions within it. Once the user gets the DB access, it will be able to open console and start/stop existing jobs (if we are talking about Backup Operator role), but will not be able to perform any other administrative activities.
foggy
Veeam Software
 
Posts: 14728
Liked: 1078 times
Joined: Mon Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson

Re: VBR "users and role' utility

Veeam Logoby casaubon » Fri May 04, 2012 2:45 pm

Should this user have a "db_owner" database access or less ?
casaubon
Novice
 
Posts: 7
Liked: never
Joined: Thu Jan 26, 2012 3:54 pm
Full Name: Antoine

Re: VBR "users and role' utility

Veeam Logoby foggy » Fri May 04, 2012 3:25 pm

Yes, should have db_owner.
foggy
Veeam Software
 
Posts: 14728
Liked: 1078 times
Joined: Mon Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson

Re: VBR "users and role" utility

Veeam Logoby liviu.tutuianu » Wed Dec 11, 2013 8:46 am

Hello,

Starting from this thread, I see that in v7 we have these roles defined on VBR:

Backup Administrator - Can perform all administrative activities in Veeam Backup & Replication
Backup Operator - Can start and stop existing jobs and perform restore operations
Backup Viewer - Has the “read-only” access to Veeam Backup & Replication – can view existing and performed jobs and review the job session details
Restore Operator - Can perform restore operations using existing backups and replicas

Now, If I want to grant to some AD users access to restore files, but also to start/stop existing backup/replication jobs, I need to add them to both Backup Operator and Restore Operator groups, right?

Also, you say that these users should have db_owner. Could you be more explicit how can I assign theses permissions to my AD users? I am not familiarized with SQL statements. Each of our VBRs are Win2k8 R2, 64 bit, with Veeeam 7 with default installation.

Also, do you know if it possible to assign certain users with the rights from above only on some jobs?

Thanks in advance for your kind feedback,
Liviu
liviu.tutuianu
Enthusiast
 
Posts: 40
Liked: never
Joined: Mon Jul 09, 2012 8:17 am
Full Name: Liviu Tutuianu

Re: VBR "users and role" utility

Veeam Logoby foggy » Wed Dec 11, 2013 10:43 am

liviu.tutuianu wrote:Now, If I want to grant to some AD users access to restore files, but also to start/stop existing backup/replication jobs, I need to add them to both Backup Operator and Restore Operator groups, right?

Backup Operator role can perform restore operations, as it is stated in your post, so no need to assign second role.

liviu.tutuianu wrote:Also, you say that these users should have db_owner. Could you be more explicit how can I assign theses permissions to my AD users? I am not familiarized with SQL statements.

Just give the corresponding AD user db_owner role in SQL Server Management Studio.

liviu.tutuianu wrote:Also, do you know if it possible to assign certain users with the rights from above only on some jobs?

No, this is not possible with the current security model.
foggy
Veeam Software
 
Posts: 14728
Liked: 1078 times
Joined: Mon Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson

[MERGED] Problems with Veeam B&R Console

Veeam Logoby brunofernandez » Fri Dec 27, 2013 11:24 am

Hey there :D

I'm actually configuring Veeam to allow other persons to have access to the VBR Console.
So i created a Domain Group and putted the group in the server local "Remote Desktop User" group. btw. Veeam and the vCenter is installed on the same Server. This is the reason why o don't want to give them more rights than "RDP"
In Veeam I gave them the "Veeam Backup Viewer Role".
Image

Now, when they trie to open the Console the UAC is asking for a Admin Account. Why is VBR asking for a Admin Account when I only trie to open the console?
Image
Is there another way to allow my users to start the VBR console without to give them local admin rights?

Regards
Bruno
brunofernandez
Novice
 
Posts: 9
Liked: never
Joined: Fri Dec 27, 2013 11:11 am
Full Name: Bruno Fernandez

Re: VBR "users and role" utility

Veeam Logoby Vitaliy S. » Fri Dec 27, 2013 11:39 am

Hi Bruno,

Does the account you're trying to use have access to Veeam configuration database?

Thanks!
Vitaliy S.
Veeam Software
 
Posts: 19545
Liked: 1099 times
Joined: Mon Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov

Re: VBR "users and role" utility

Veeam Logoby brunofernandez » Fri Dec 27, 2013 11:43 am

Hi Vitaliy

Thanks for the quick reply and for moving my post.
No, the user/group is not allowed. What permissions do I have to give to them?

Regards
Bruno
brunofernandez
Novice
 
Posts: 9
Liked: never
Joined: Fri Dec 27, 2013 11:11 am
Full Name: Bruno Fernandez

Re: VBR "users and role" utility

Veeam Logoby Vitaliy S. » Fri Dec 27, 2013 11:50 am

I believe the permissions should be the following, read/write access might also do the trick:
foggy wrote:Yes, should have db_owner.
Vitaliy S.
Veeam Software
 
Posts: 19545
Liked: 1099 times
Joined: Mon Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov

Re: VBR "users and role" utility

Veeam Logoby brunofernandez » Fri Dec 27, 2013 12:00 pm

i just gave db_owner permission to the group. Still same problem.
i think this is a UAC problem. because when I add the User to the local admin group I can open the console without having permissions on the database :roll:
brunofernandez
Novice
 
Posts: 9
Liked: never
Joined: Fri Dec 27, 2013 11:11 am
Full Name: Bruno Fernandez

Re: VBR "users and role" utility

Veeam Logoby Vitaliy S. » Fri Dec 27, 2013 12:11 pm

I have double-checked and you're right local admin account is required to open Veeam backup console. Local admin account is also required when you run FLR sessions.
Vitaliy S.
Veeam Software
 
Posts: 19545
Liked: 1099 times
Joined: Mon Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov

Re: VBR "users and role" utility

Veeam Logoby brunofernandez » Fri Dec 27, 2013 12:21 pm

is there a way to change this? I dont wan't to allow this users to have local admin access.
on the same server i have sql server, vcenter and veeam installed. :oops:
brunofernandez
Novice
 
Posts: 9
Liked: never
Joined: Fri Dec 27, 2013 11:11 am
Full Name: Bruno Fernandez

Re: VBR "users and role" utility

Veeam Logoby Vitaliy S. » Fri Dec 27, 2013 12:30 pm

Unfortunately, I'm not aware of any workarounds, but we are going to address this in the next releases.
Vitaliy S.
Veeam Software
 
Posts: 19545
Liked: 1099 times
Joined: Mon Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov

Re: VBR "users and role" utility

Veeam Logoby brunofernandez » Fri Dec 27, 2013 12:36 pm

yes, this would be nice.
because with our environment constellation we can't use "Users and Roles" as long as the console must be opened with admin privileges.
brunofernandez
Novice
 
Posts: 9
Liked: never
Joined: Fri Dec 27, 2013 11:11 am
Full Name: Bruno Fernandez

Next

Return to VMware vSphere



Who is online

Users browsing this forum: Google [Bot] and 13 guests