HPE Community
Application Integration
1753773 Members
5805 Online
108799 Solutions
New Discussion юеВ

What are the minimum permissions for creating snapshots through Vmware? "Administrator" rights are off the table.

 
SOLVED
Go to solution
vtonapi131
Occasional Advisor

тАО11-12-2015 08:05 AM

тАО11-12-2015 08:05 AM

What are the minimum permissions for creating snapshots through Vmware? "Administrator" rights are off the table.

Our snapshots were failing and during the investigation, found that our user doesn't have the correct permissions in Vmware.

Message: Failed to create vCenter snapshot associated with volume collection XXXX1 schedule Nimble-Exchange-4am because the system is unable to log into the vCenter server due to an incorrect user name VMstorage or password. Verify the user name and password are correct.

Our Vmware admins will not allow Nimble to use an Administrator account due to concerns with security and general hesitation to allow anything/one admin access. What are the specific permissions required?

Thanks!

Labels:
0 Kudos
Reply
2 REPLIES 2
vtonapi131
Occasional Advisor

тАО11-12-2015 11:13 AM

тАО11-12-2015 11:13 AM

Re: What are the minimum permissions for creating snapshots through Vmware? "Administrator" rights are off the table.

Support said they will be testing, documenting, and probably publishing the permissions in a week or so. I will update when it happens.

0 Kudos
Reply
vtonapi131
Occasional Advisor

тАО12-10-2015 06:29 AM

тАО12-10-2015 06:29 AM

Solution

Re: What are the minimum permissions for creating snapshots through Vmware? "Administrator" rights are off the table.

This is what Support replied with:

Privileges for NPM (Volume Collection Backups)

тАЬVirtualMachine.State.CreateSnapshotтАЭ,

тАЬVirtualMachine.State.RemoveSnapshotтАЭ

If you try тАЬValidateтАЭ on the vCenter Sync VolColl, it will check these permissions on all the VMs in the datastores of that VolColl.

Privileges for vCenter Plugin

"Datastore.AllocateSpace",

"Datastore.Config",

"Datastore.Delete",

"Datastore.Move",

"Datastore.Rename",

"Extension.Update",

"Global.CancelTask",

"Host.Config.AdvancedConfig",

"Host.Config.NetService",

"Host.Config.Settings",

"Host.Config.Storage",

"StoragePod.Config",

"System.Anonymous",

"System.Read",

"System.View",

"Task.Create",

"Task.Update"

Along with these, we also expect the privileges in the тАЬNimbleStorageтАЭ group should be included in any custom role the user creates.

We tested it against Commvault Intellisnap requirements originally which failed. We removed all Nimble permissions, Verified Commvault Intellisnap permissions and it worked fine. The issue with OUR environment is that within Nimble protection configuration, we had to use <DOMAIN>/username for the user to integrate with Vmware. We may encounter issues in the future for not using all the permissions from Nimble vs. Commvault (there are differences) but at this rate, we have it working.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.