vSphere 备份权限设置

12 月前

最近偶然发现 QNAP QTS 系统中的 Hyper Data Protector 支持对 vSphere ESXi 系统虚拟机的备份，但是由于官方并没有提供相关最小权限的设置指南，因此根据个人测试结果总结出了如下表格。

该表格分别针对 vCenter 和 vSphere ESXi 两种备份方式，它们使用类似的权限，但是名称并不完全对应，因此需要分别设置。该表格的权限属于通过网络进行备份的权限，如需恢复还需要额外权限。但 QNAP 备份的格式为 OVF + VMDK，因此也可以直接通过部署该模板的方式进行恢复。此外 vCenter 的备份操作仅支持在管理网口进行，也就是后续附加的 Multihoming NIC 无法支持该操作。

Permissions for VMware vSphere vCenter

Privilege Level(Category)	Required Permission
Cryptographic operations	Direct Access
	Decrypt
Datastore	Low-level file operations
	Browse datastore
Datastore cluster	Configure a datastore cluster
Folder	Create folder
	Delete folder
Global	Disable methods
	Enable methods
	Licenses
	Log event
	Manage custom attributes
	Set custom attribute
vApp	Export
	Import
Virtual machine – Change Configuration	Acquire disk lease
	Advanced configuration
	Set annotation
	Toggle disk change tracking
	Toggle fork parent
Virtual machine – Guest operations	Guest operation modifications
	Guest operation program execution
	Guest operation queries
Virtual machine – Interaction	Guest operating system management by VIX API
Virtual machine – Provisioning	Allow disk access
	Allow file access
	Allow read-only disk access
	Allow virtual machine download
Virtual machine – Snapshot management	Create snapshot
	Remove snapshot

Permissions for VMware vSphere ESXi

Privilege Level(Category)	Required Permission
Cryptographic operations	Access
	Decrypt
Datastore	FileManagement
	Browse datastore
Folder	Create
	Delete
Global	SetCustomField
	ManageCustomFields
	LogEvent
	Licenses
	DisableMethods
	EnableMethods
vApp	Export
	Import
VirtualMachine – Config	Annotation
	ToggleForkParent
	AdvancedConfig
	DiskLease
VirtualMachine – GuestOperations	Query
	Modify
	Execute
VirtualMachine – Interact	GuestControl
VirtualMachine – Provisioning	DiskRandomAccess
	DiskRandomRead
	FileRandomAccess
	GetVmFiles
VirtualMachine – State	CreateSnapshot
	RemoveSnapshot