Hi Vitality,
Thankyou very much for your reply, and sorry for my delay and getting back to trying this I was side tracked by another implementation project.
I have since come back to revisit the POC and what I found is that I can certainly control things from a granular perspective within ESX so that the Veeam connector account only sees what I want that demo customer to see. However there was a catch which I only came across whilst playing around a bit.
Essentially it seems that the Veeam connection needs at least read-only access defined within the permissions of one of the hosts (anything above a host level works too but I found a single host most appropriate so far).
Once this was done everything from a Veeam perspective fell into place , I could see only the Datastores I had defined for the user , the appropriate Resource Pool, Folders and VM targets for my backups ( without being able to see anything else within the environment)
We now have quite a series of tests to run through but this is a huge step forward for the proof of concept
I will be sure to report back findings so that anyone else interested can see the results
Can you see any issues or introduced limitations by only defining the user on one ESX host as appose to all of them? When I tried any higher level such as Cluster, Datacenter or VC The user could see too much with-in Veeam and defining a manual deny for each folder I don’t want the user to see is not practical
Regards,
David