Introduction
In order for the Cohesity platform to protect Virtual Machines hosted within VMware a privileged account is leveraged. This account is utilized by various processes to create snapshots, create VMs, and a number of different operations for backup and restore functionality. Without an account with the proper permissions, the Cohesity system will not be able to perform any backups against a VMware source or may encounter intermittent hard-to-track errors if the permissions only slightly differ.
The following table is accurate as of the permissions required for Cohesity version 6.6.0d:
Privilege Level | Permissions |
Cryptographic operations | Add Disk |
Direct Access | |
Datastore | Allocate space |
Move datastore | |
Browse datastore | |
Remove file | |
Low-level file operations | |
Configure datastore | |
Folder | Create folder |
Delete folder | |
Global | EnableMethods |
DisableMethods | |
Log event | |
Licenses | |
Manage custom attributes | |
Set custom attribute | |
Host - Configuration | Storage partition configuration |
Maintenance | |
Query patch | |
Network | Assign network |
Resource | Assign a virtual machine to a resource pool |
Migrate powered-off virtual machine | |
Migrate powered on virtual machine | |
Session | View and stop sessions |
vApp | Add virtual machine |
Assign resource pool | |
Unregister | |
VM - Configuration | Acquire disk lease |
Add existing disk | |
Add new disk | |
Add or remove a device | |
Advanced configuration | |
Change Settings | |
Change Swapfile placement | |
Configure Raw device | |
Remove disk | |
Toggle disk change tracking | |
Rename | |
VM - Guest Operations | Guest operation modifications |
Guest operation program execution | |
Guest operation queries | |
VM - Edit Inventory | Create new |
Register | |
Remove | |
Unregister | |
VM - Interaction | Guest operating system management by VIX API |
Power on | |
Power off | |
VM - Provisioning | Allow disk access |
Allow read-only disk access | |
Allow virtual machine download | |
VM - Snapshot management | Create snapshot |
Remove snapshot | |
Revert snapshot | |
VM storage policies | Update |
View | |
vSphere Tagging | Assign or unassign tag |