Skip to main content
Answer

RBAC and Granular AD control

  • August 2, 2023
  • 3 comments
  • 557 views
clownyboots178
Forum|alt.badge.img+1

Hey guys,

I am getting ready to deploy VEEAM V12 into my environment (finally - took 8+ months)

I am needing to delve into RBAC controls and granular access rights via AD 

 

anyone have any advice or a direction they could point me in?

 

thanks in advance 

Best answer by coolsport00

For sure enable MFA to start as Chris shared. Keep in mind, the accounts you use for this must be AD-based accounts..can’t enable for local accounts. Also, it’s not too intuitive to notice, but if you do select to disable MFA for an account, you do so for every account. In other words, if you select an acct in your list and deselect the option for MFA, all accounts no longer use MFA. But, there is a way to deselect for an individual account. Select the account, then the Edit button and tick the ‘This is a service account..’ option.

Also, as far as role permissions, the User Guide provides more details on the different VBR Roles available. They aren’t too granular, meaning, you can’t really add a Role to certain parts of the Console and another Role for a different part of the Console. It’s an all-or-nothing kinda deal.

Clownyboots
Chris.Childerhose
coolsport00
Madi.Cristil

3 comments

Chris.Childerhose
Forum|alt.badge.img+21

There are several new features in v12 that you can leverage, but don’t suggest you put the server on a domain as per best practice.

New features -

I would check out these to start.

Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | VUG Canada Leader | vExpert 6* | Toronto VMUG Leader | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
coolsport00
dloseke
clownyboots178
Forum|alt.badge.img+1
  • clownyboots178
  • Author
  • Comes here often
  • August 2, 2023

Awesome!

 

Thanks for this, I didnt even think of keeping the machine off of the domain

 

I will check this out

Clownyboots
Chris.Childerhose
dloseke
coolsport00
Forum|alt.badge.img+21
  • coolsport00
  • Veeam Legend
  • Answer
  • August 2, 2023

For sure enable MFA to start as Chris shared. Keep in mind, the accounts you use for this must be AD-based accounts..can’t enable for local accounts. Also, it’s not too intuitive to notice, but if you do select to disable MFA for an account, you do so for every account. In other words, if you select an acct in your list and deselect the option for MFA, all accounts no longer use MFA. But, there is a way to deselect for an individual account. Select the account, then the Edit button and tick the ‘This is a service account..’ option.

Also, as far as role permissions, the User Guide provides more details on the different VBR Roles available. They aren’t too granular, meaning, you can’t really add a Role to certain parts of the Console and another Role for a different part of the Console. It’s an all-or-nothing kinda deal.

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
Chris.Childerhose
dloseke
Terms & ConditionsAccessibility statement