This is an archive version of the document. To get the most up-to-date information, see the current version.

Required Permissions

The following table lists required permissions for user accounts to back up and restore Microsoft SharePoint data.

Operation	Required Roles and Permissions
Backup	For more information, see: The Required Permissions section of the Veeam Backup & Replication User Guide. The Required Permissions section of the Veeam Backup for Microsoft Office 365 User Guide.
Restore to on-premises Microsoft SharePoint from backups created in Veeam Backup & Replication and Veeam Backup for Microsoft Office 365	To restore data to on-premises Microsoft SharePoint, make sure to configure user accounts as follows: The account must be granted Full Control to connect to the target SharePoint server. The account must be assigned either the Site Administrator or System Account role to restore user permissions. If permissions of items being restored are inherited from the parent one, the account must be granted Full Control. If permissions of items being restored are not inherited from the parent one and items being restored replace the existing ones, the account must be granted Contribute and Full Control.
Restore to Microsoft Office 365 from backups created in Veeam Backup for Microsoft Office 365	To restore data to SharePoint Online, make sure to configure user accounts as follows: Restore Using Basic Authentication Method The account used to log in to Microsoft Office 365 must have the Global Administrator or SharePoint Administrator role assigned. For restore of personal SharePoint sites, make sure to select the Allow users to run custom script on personal sites option in the SharePoint admin center. For more information, see this Microsoft article. During restore, Veeam Backup for Microsoft Office 365 automatically assigns the Site Collection Administrator role to the user account. Restore Using Modern App-Only Authentication Method The account used to log in to Microsoft Office 365 must have the Global Administrator or SharePoint Administrator role assigned. For restore of personal SharePoint sites, make sure to select the Allow users to run custom script on personal sites option in the SharePoint admin center. For more information, see this Microsoft article. During restore, Veeam Backup for Microsoft Office 365 automatically assigns the Site Collection Administrator role to the user account. Make sure that the required settings are specified for the Azure AD application used for restore. For more information, see Required Azure AD Application Settings. If you restore data with Azure AD applications using a certificate, make sure that your Azure AD application is granted the required permissions. For more information, see the Azure AD Application Permissions section of the Veeam Backup for Microsoft Office 365 User Guide.

Operation

Required Roles and Permissions

Backup

For more information, see:

The Required Permissions section of the Veeam Backup & Replication User Guide.
The Required Permissions section of the Veeam Backup for Microsoft Office 365 User Guide.

Restore to on-premises Microsoft SharePoint from backups created in Veeam Backup & Replication and Veeam Backup for Microsoft Office 365

To restore data to on-premises Microsoft SharePoint, make sure to configure user accounts as follows:

The account must be granted Full Control to connect to the target SharePoint server.
The account must be assigned either the Site Administrator or System Account role to restore user permissions.
If permissions of items being restored are inherited from the parent one, the account must be granted Full Control.
If permissions of items being restored are not inherited from the parent one and items being restored replace the existing ones, the account must be granted Contribute and Full Control.

Restore to Microsoft Office 365 from backups created in Veeam Backup for Microsoft Office 365

To restore data to SharePoint Online, make sure to configure user accounts as follows:

Restore Using Basic Authentication Method

The account used to log in to Microsoft Office 365 must have the Global Administrator or SharePoint Administrator role assigned.

For restore of personal SharePoint sites, make sure to select the Allow users to run custom script on personal sites option in the SharePoint admin center. For more information, see this Microsoft article.
During restore, Veeam Backup for Microsoft Office 365 automatically assigns the Site Collection Administrator role to the user account.

Restore Using Modern App-Only Authentication Method

The account used to log in to Microsoft Office 365 must have the Global Administrator or SharePoint Administrator role assigned.

For restore of personal SharePoint sites, make sure to select the Allow users to run custom script on personal sites option in the SharePoint admin center. For more information, see this Microsoft article.
During restore, Veeam Backup for Microsoft Office 365 automatically assigns the Site Collection Administrator role to the user account.
Make sure that the required settings are specified for the Azure AD application used for restore. For more information, see Required Azure AD Application Settings.
If you restore data with Azure AD applications using a certificate, make sure that your Azure AD application is granted the required permissions. For more information, see the Azure AD Application Permissions section of the Veeam Backup for Microsoft Office 365 User Guide.

Consider the following:

The current account can only be used to access a local staging server. To connect to a remote server, use appropriate authentication credentials to access that server.
The account requires the sysadmin fixed server role on a staging Microsoft SQL server.
For ADFS as an authentication provider:

When using Windows Authentication, you can use both you current account or provide another account.
When using Forms Authentication, the current account cannot be used.