VMware User Permissions for BDRShield Backup & Recovery

VMware User Permissions for BDRShield Backup & Recovery

Purpose  

This document describes the minimum VMware vCenter permissions required for BDRShield Backup & Replication to perform backup, replication and restore operations in VMware vSphere environments.

Scope  

The permissions listed in this document apply to:

  • VMware vCenter Server

  • VMware ESXi Hosts

  • BDRSuite Backup Server

  • VMware Backup

  • VMware Replication

  • VMware Restore Operations

  • Instant Boot and Disaster Recovery

Recommended Service Account  

Create a dedicated service account in VMware vCenter.

Example:

Username: bdrshield_backup

Assign a custom role named:

BDRShield_Backup_Restore_Admin

Apply the role at the Datacenter level with "Propagate to Children" enabled.

Required VMware Privileges  

Datastore  

Privilege

Purpose

Browse Datastore

Access VM files

Low-Level File Operations

Read VMDK files

Allocate Space

Restore and create VMs

Remove File

Cleanup during restore

Update Virtual Machine Files

Restore operations

Virtual Machine - Configuration  

Privilege

Purpose

Add Existing Disk

Restore VMDKs

Add New Disk

VM creation

Change Resource

Resource allocation

Modify Device Settings

Hardware configuration

Remove Disk

Recovery operations

Rename

VM registration

Advanced Configuration

VM configuration management

Virtual Machine - Inventory  

Privilege

Purpose

Create New

Create restored VM

Register

Register recovered VM

Remove

Remove failed restores

Unregister

VM cleanup

Virtual Machine - State  

Privilege

Purpose

Create Snapshot

VMware backup processing

Remove Snapshot

Snapshot cleanup

Revert Snapshot

Recovery operations

Power On

VM restore

Power Off

Recovery operations

Reset

VM management

Suspend

Recovery workflows

Virtual Machine - Provisioning  

Privilege

Purpose

Clone Virtual Machine

Replication and restore

Clone Template

Template operations

Deploy Template

VM deployment

Mark as Template

Template conversion

Mark as Virtual Machine

Restore operations

Read Customization Specifications

Guest customization

Resource Privileges  

Privilege

Purpose

Assign Virtual Machine to Resource Pool

Restore and failover

Network Privileges  

Privilege

Purpose

Assign Network

Connect restored VM to network

Host Privileges  

Privilege

Purpose

Create Virtual Machine

VM recovery

Reconfigure Virtual Machine

Restore operations

Global Privileges  

Privilege

Purpose

Diagnostics

Infrastructure discovery

Licenses

License verification

Settings

Configuration retrieval

Backup-Only Permissions  

For environments performing backup operations only, the following permissions are mandatory:

  • Browse Datastore

  • Low-Level File Operations

  • Create Snapshot

  • Remove Snapshot

  • Read VM Inventory

  • Read VM Configuration

Additional Permissions for Restore and Replication  

The following permissions are additionally required for:

  • Full VM Restore

  • Instant Boot

  • Replication Failover

  • CloudDR Recovery

  • VMware VM Recovery

Required privileges:

  • Create Virtual Machine

  • Register Virtual Machine

  • Assign Network

  • Allocate Datastore Space

  • Resource Pool Assignment

  • Power On Virtual Machine

Best Practices  

  1. Use a dedicated service account.

  2. Avoid using the VMware Administrator account.

  3. Assign permissions at the Datacenter level.

  4. Enable permission propagation.

  5. Periodically review role assignments.

  6. Test backup and restore operations after permission changes.

Validation  

After assigning permissions:

  1. Add VMware infrastructure to BDRShield.

  2. Perform a test backup.

  3. Verify snapshot creation and removal.

  4. Perform a test VM restore.

  5. Confirm successful VM registration and power-on.

Successful completion of all validation steps confirms that the assigned permissions are sufficient for BDRShield Backup & Recovery operations.

 

    • Related Articles

    • Google Workspace Backup & Recovery

      Overview BDRShield’s Google Workspace Backup solution provides comprehensive protection for your Google Workspace data, including Gmail, Drive, Contacts, Calendar, and more. It ensures that all your critical data is securely backed up and easily ...

    • BDRShield - Release Notes

      BDRShield v9.1.0 Update 2 (Cloud) Release Date: May 25, 2026 Enhancement: Released platform-specific macOS backup agents optimized for Intel and ARM architectures. Bug Fixes: Improved file backup and restore operations by resolving issues related to ...

    • BDRShield for MSP – Frequently Asked Questions

      General Overview What is BDRShield for MSP? BDRShield’s MSP Backup Solution is a comprehensive backup and disaster recovery platform designed specifically for Managed Service Providers (MSP), Cloud Service Providers (CSP), Hosting Service Providers ...

    • VMware Backup and Recovery

      Overview BDRShield offers agentless backup solutions for VMware ESXi & vCenter. This eliminates the need to install backup agents on each VM. It also provides flexible storage, instant & granular recovery, and centralized management for efficient VM ...

    • Why is BDRShield the best VMware Backup Software?

      BDRShield is considered the best VMware backup solution due to its cost-effectiveness, robust features, comprehensive protection, and user-friendly management interface. Backup virtual machines from Any location Store Backup Anywhere - Local/Remote ...