Privileges for VM backup and recovery on vCenter Server or ESX(i) host

Outlined in the below table are the privileges a vCenter Server user must have to perform operations on all the vCenter hosts and clusters.

To enable a user to operate on a specific ESX host only, assign the user the same privileges on the host.

Operation
Object	Privelege	Back up a VM	Back up a VM's disk	Recover to a new VM	Recover to an existing VM	VA deployment
Datastore	Allocate space			+	+	+
	Browse datastore					+
	Configure datastore	+	+	+	+	+
	Low level file operations					+
Global	Licenses	+	+	+	+
	Disable methods	+	+
	Enable methods	+	+
Host > Configuration	VM autostart configuration					+
Host > Inventory	Modify cluster					+
Host > Local operations	Create VM					+
	Delete VM					+
	Reconfigure VM					+
Network	Assign network			+	+	+
Resource	Assign VM to resource pool			+	+	+
vApp	Import					+
Virtual machine -> Configuration	Add existing disk	+	+	+
	Add new disk			+	+	+
	Add or remove device			+		+
	Advanced			+		+
	Change CPU count			+
	Disk lease	+	+
	Memory			+
	Remove disk	+	+	+	+
	Rename			+
	Settings				+
Virtual machine -> Interaction	Configure CD media			+
	Console interaction					+
	Guest operating system management by VIX API					+
	Power off				+	+
	Power on			+	+	+
Virtual machine -> Inventory	Create from existing			+	+
	Create new			+	+	+
	Move					+
	Remove			+	+	+
Virtual machine -> Provisioning	Allow disk access			+	+
	Allow virtual machine download	+	+	+	+
Virtual machine -> State	Create snapshot	+	+		+	+
	Remove snapshot	+	+		+	+

 

The roles privileges can be configured via the vSphere Client connected to a ESX(i) host/vCenter from Administration -> Roles. After that you can assign the specific user for connection to vCenter with particular role from Permissions tab, as shown in the pictures below.

More information

See also Acronis Backup Advanced for vCloud.