Security is important, and having a minimal set of permissions is a requirement, not an option. With this in mind (and having been asked a few times by customers), I put together a short script that creates the vCenter Server roles required by the Veeam Backup & Replication service account and the Veeam ONE service account. The two accounts have different requirements, with Veeam ONE being the most restrictive as it needs mostly read-only access.
The script itself is pretty straightforward; the more time-consuming part is getting the privilege lists. So here you are:
And now for the actual scripting part:
The script will create a new vCenter Server role, assigning it the privileges from the file given as input.
If you ever need to get the privileges from vCenter Server, the next piece of code will help (thanks to the VMware communities):
You will use the privilege ID format for creating the new role.
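The two steps described above, reading privilege IDs out of vCenter Server and creating a role from a file of them, are shown here in PowerCLI as an added example, not the author's original script. The function names, role name and file path are assumptions, and it expects an existing `Connect-VIServer` session to a single vCenter Server.

```powershell
# Added example. Requires VMware PowerCLI and an existing Connect-VIServer session.

function Export-RolePrivilegeId {
    # Write the privilege IDs of an existing role to a file, one per line.
    param(
        [Parameter(Mandatory)][string]$RoleName,
        [Parameter(Mandatory)][string]$Path
    )
    Get-VIPrivilege -Role (Get-VIRole -Name $RoleName -ErrorAction Stop) |
        Sort-Object Id | Select-Object -ExpandProperty Id | Set-Content -Path $Path
}

function New-RoleFromPrivilegeFile {
    # Create a role from the privilege IDs listed in $Path (one ID per line).
    param(
        [Parameter(Mandatory)][string]$RoleName,
        [Parameter(Mandatory)][string]$Path
    )
    if (Get-VIRole -Name $RoleName -ErrorAction SilentlyContinue) {
        throw "Role '$RoleName' already exists; refusing to modify it."
    }
    # Ignore blank lines and '#' comments, trim whitespace, drop duplicates.
    $wanted = @(Get-Content -Path $Path |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -and -not $_.StartsWith('#') } |
        Sort-Object -Unique)
    if ($wanted.Count -eq 0) { throw "No privilege IDs found in '$Path'." }

    # Index every privilege this vCenter offers by its ID.
    $known = @{}
    Get-VIPrivilege -PrivilegeItem | ForEach-Object { $known[$_.Id] = $_ }
    $missing = @($wanted | Where-Object { -not $known.ContainsKey($_) })
    if ($missing.Count -gt 0) {
        # Fail closed: a typo or version-specific ID should stop the run,
        # not produce a role that silently lacks a privilege.
        throw "Unknown privilege IDs on this vCenter: $($missing -join ', ')"
    }
    $role = New-VIRole -Name $RoleName -Privilege ($wanted | ForEach-Object { $known[$_] })
    # vCenter adds System.Anonymous, System.Read and System.View to every role,
    # so the granted count can exceed the number of IDs in the file.
    $role | Select-Object Name, @{ N = 'Granted'; E = { $_.PrivilegeList.Count } },
        @{ N = 'Requested'; E = { $wanted.Count } }
}

# Usage (role name and path are placeholders):
# New-RoleFromPrivilegeFile -RoleName 'Backup-Service-Role' -Path '.\privileges.txt'
```

Comparing the output of `Export-RolePrivilegeId` for the new role with the input file is a quick way to confirm the role holds nothing beyond what was requested.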