Monday, 16 March 2020

Back up ESXi config: create a specific restricted user for backups with VMware CLI

For a PCI-compliant customer, I was required both to save the ESXi configurations and to use least privilege for the user doing it.



So I created a role named 'backups' on each ESXi host, with these items enabled:

System: all items checked
Host->Config->Settings
Host->Config->Firmware

I then ran the backup with vicfg-cfgbackup, from the vSphere SDK for Perl (I tried version 6.5.0), using a command like this:

$ vicfg-cfgbackup --server "$i" --username="$USER" --password="$PASS" -s "$BACKUPPATH/backup.tar.gz"

If you are using host lockdown mode, don't forget to add user 'backups' to the exception list.
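
The per-host command above, wrapped in a loop, as an added example that is not part of the original post. It assumes a hosts file with one ESXi host per line and that the caller exports VI_USERNAME and VI_PASSWORD, the environment variables the vCLI documents as equivalents of --username and --password. The CFGBACKUP variable and the function name are hypothetical.

```shell
#!/bin/sh
# Added example: back up the configuration of several ESXi hosts using the
# restricted 'backups' account.
# Assumptions: the hosts file lists one host per line; VI_USERNAME and
# VI_PASSWORD are exported by the caller, so the password stays out of the
# argument list that other local users can read with `ps`.
CFGBACKUP="${CFGBACKUP:-vicfg-cfgbackup}"   # overridable so the loop can be tested

backup_hosts() {
    hosts_file=$1
    dest=$2
    failed=0
    umask 077                     # config bundles hold secrets: owner-only files
    mkdir -p "$dest" || return 2
    stamp=$(date +%Y%m%d)
    while IFS= read -r host || [ -n "$host" ]; do
        case $host in ''|'#'*) continue ;; esac   # skip blank lines and comments
        out="$dest/$host-$stamp.tar.gz"
        # stdin is redirected so the tool cannot consume the hosts list
        if "$CFGBACKUP" --server "$host" -s "$out" </dev/null && [ -s "$out" ]; then
            echo "OK   $host -> $out"
        else
            echo "FAIL $host" >&2
            rm -f "$out"          # do not keep an empty or partial bundle
            failed=$((failed + 1))
        fi
    done < "$hosts_file"
    [ "$failed" -eq 0 ]           # non-zero status if any host failed
}

# Usage (constructed paths):
#   export VI_USERNAME=backups; read -r VI_PASSWORD < /root/.esxi-backup-pass
#   export VI_PASSWORD; backup_hosts /etc/esxi-hosts.txt /srv/esxi-backups
```

A non-zero return lets cron or a monitoring job flag hosts whose role or lockdown exception is missing.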