Solved

Red Hat Virtualization Account and User Permissions

  • 3 February 2023
  • 6 replies
  • 137 views

Userlevel 2
Badge +11

Hello all,

 

I am new to RHV/OLVM environment, so what does it mean this:

 

"You must have an admin user account that can connect to Red Hat VMs"

+

The backup/restore user must have several additional permissions.

 

So, the service account that is used to connect to the hypervisor must be an admin account, able to connect to Red Hat VMs, and have the permissions listed in the doc? Why would an admin account need additional permissions? Admin isn't sufficient?

 

Regards,

icon

Best answer by Jos Meijer 6 February 2023, 13:41

View original

6 replies

Userlevel 6
Badge +15

Good morning.  You should only need an account that has access to the VMs:

“Admin user credentials for the RHEV Manager host.”

https://documentation.commvault.com/2022e/expert/31925_creating_virtualization_client_for_red_hat_enterprise_virtualization.html

Userlevel 7
Badge +16

Hi @PedroRocha 

I have configured RHV a few years ago and backed up/restored the VM's without issues.
Never had to adjust any permissions when an RHV admin user is used.

Userlevel 2
Badge +11

Good morning.  You should only need an account that has access to the VMs:

“Admin user credentials for the RHEV Manager host.”

https://documentation.commvault.com/2022e/expert/31925_creating_virtualization_client_for_red_hat_enterprise_virtualization.html

What does access to the VMs mean?

A user that can login to the VMs (Linux and Windows)? Or a user that can access de VMs folders?

Userlevel 2
Badge +11

Hi @PedroRocha 

I have configured RHV a few years ago and backed up/restored the VM's without issues.
Never had to adjust any permissions when an RHV admin user is used.

Hello

I wanted to create a backup user with restricted rights. That is why I wanted to understand all the permission requirements.

Userlevel 7
Badge +16

I believe you need these permissions on an admin type account in order to backup and restore.
Never tested it though, so please test before implementing it into production.
 

System    
  Configure System  
    Login Permissions
    Tag management Permissions
     
Network    
  Configure vNIC Profile  
    Create
    Edit Properties
    Delete
    Assign vNIC Profile to VM
     
Template    
  Basic Operations  
    Edit Properties
     
  Provisioning Operations  
    Import/Export
     
VM    
  Basic Operations  
    Reboot VM
    Stop VM
    Shut Down VM
    Run VM
     
  Provisioning Operations  
    Edit properties
    Create
    Create Instance
    Delete
    Import/Export
    Edit Storage
    Edit Snapshots
     
VM Pool    
  Basic Operations  
    Basic Operations
     
Disk    
  Provisioning Operations  
    Create
    Delete
    Edit Storage
    Attach
    Sparsify
    Edit Properties
    Access Image Storage Domains
    Live Storage Migration
    BACKUP_DISK
     
  Disk Profile  
    Attach Disk Profile
     
MAC Pools    
  Basic Operations  
    Use existing MAC Pool
Userlevel 2
Badge +11

I believe you need these permissions on an admin type account in order to backup and restore.
Never tested it though, so please test before implementing it into production.
 

System    
  Configure System  
    Login Permissions
    Tag management Permissions
     
Network    
  Configure vNIC Profile  
    Create
    Edit Properties
    Delete
    Assign vNIC Profile to VM
     
Template    
  Basic Operations  
    Edit Properties
     
  Provisioning Operations  
    Import/Export
     
VM    
  Basic Operations  
    Reboot VM
    Stop VM
    Shut Down VM
    Run VM
     
  Provisioning Operations  
    Edit properties
    Create
    Create Instance
    Delete
    Import/Export
    Edit Storage
    Edit Snapshots
     
VM Pool    
  Basic Operations  
    Basic Operations
     
Disk    
  Provisioning Operations  
    Create
    Delete
    Edit Storage
    Attach
    Sparsify
    Edit Properties
    Access Image Storage Domains
    Live Storage Migration
    BACKUP_DISK
     
  Disk Profile  
    Attach Disk Profile
     
MAC Pools    
  Basic Operations  
    Use existing MAC Pool

Thanks Jos

 

yes, role type admin and that set of permissions. I did not know admin was one of the two role types in OLVM (user and admin)

 

regards

 

Reply