Symantec will tell you that full administrator is needed to backup systems properly. It is the easiest way, but I’m here to tell you that is not required. There are two things that need to be done:
- Create a proper security role
- Apply that role to the various different nodes in vCenter
Role Permissions needed (we’ll call it Netbackup Role):
|Privilege Group||Privilege(s) to Enable|
Low level file operations
|Configuration||Add existing disk|
Add new disk
|Provisioning||Allow disk access|
Allow read-only disk access
Allow virtual machine download
- Apply the Netbackup service account w/ the Netbackup Role to the vCenter Node.
- Propagate down if you want everything under the vCenter node to be backed up. If not, then do not check the ‘propagate’ checkbox and continue to next steps.
- If you are continuing, that means you probably have multiple datacenters. Next is to simply apply the Netbackup service account w/ the Netbackup Role to the Datacenter’s you want to be backed up.
- Go ahead and propagate down for all datacenters you want backed up. You’re finished @ this point if there are no hosts/clusters or vm’s that need to be omitted. Otherwise continue forward.
- Next, to omit certain hosts/clusters, simply select the host/cluster that you would like to omit from backups, find the netbackup account under the permissions tab and change it’s role to ‘no access’ (if Netbackup has problems @ this point, you may need to change the role to ‘read-only’)