Azure Repository Account Permissions
Repository accounts must have either the Contributor and Key Vault Crypto Officer Azure built-in roles, or a custom role that is assigned the permissions required to manage backup repositories residing in Azure blob containers. To learn how to create custom roles, see Microsoft Docs.
The following permissions are required for Azure repository accounts. The dataActions list of permissions is required only if you plan to encrypt data stored in a backup repository using the Azure Key Vault Service.
{
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/roleAssignments/read",
        "Microsoft.Compute/diskAccesses/delete",
        "Microsoft.Compute/diskAccesses/privateEndpointConnections/read",
        "Microsoft.Compute/diskAccesses/privateEndpointConnections/write",
        "Microsoft.Compute/diskAccesses/PrivateEndpointConnectionsApproval/action",
        "Microsoft.Compute/diskAccesses/read",
        "Microsoft.Compute/diskAccesses/write",
        "Microsoft.KeyVault/vaults/deploy/action",
        "Microsoft.KeyVault/vaults/keys/versions/read",
        "Microsoft.KeyVault/vaults/read",
        "Microsoft.Network/privateEndpoints/delete",
        "Microsoft.Network/privateEndpoints/read",
        "Microsoft.Network/privateEndpoints/write",
        "Microsoft.Network/privateLinkServices/privateEndpointConnections/read",
        "Microsoft.Network/privateLinkServices/privateEndpointConnections/write",
        "Microsoft.Network/privateLinkServices/privateEndpointConnections/delete",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/write",
        "Microsoft.Storage/storageAccounts/blobServices/read",
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Storage/storageAccounts/privateEndpointConnections/write",
        "Microsoft.Storage/storageAccounts/PrivateEndpointConnectionsApproval/action",
        "Microsoft.Storage/storageAccounts/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.KeyVault/vaults/keys/encrypt/action",
        "Microsoft.KeyVault/vaults/keys/decrypt/action",
        "Microsoft.KeyVault/vaults/keys/read"
      ],
      "notDataActions": []
    }
  ]
}
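A custom role can contain every string from the list above and still fall short, or contain none of them and still suffice, because Azure RBAC honours wildcards and subtracts notActions and notDataActions. The following added example (not part of the product documentation) reports which required operations a role definition does not effectively grant. `REQUIRED` is an excerpt of the list above, `SAMPLE_ROLE` is constructed data, all function names are hypothetical, and evaluating each permissions block on its own is an assumption.

```python
import re

# Excerpt of the required permissions listed above; pass the full list as
# `required` when checking a real role definition.
REQUIRED = {
    "actions": [
        "Microsoft.KeyVault/vaults/deploy/action",
        "Microsoft.KeyVault/vaults/keys/versions/read",
        "Microsoft.KeyVault/vaults/read",
        "Microsoft.Storage/storageAccounts/listKeys/action",
    ],
    "dataActions": [
        "Microsoft.KeyVault/vaults/keys/encrypt/action",
        "Microsoft.KeyVault/vaults/keys/decrypt/action",
        "Microsoft.KeyVault/vaults/keys/read",
    ],
}
# Constructed sample role: wildcard grant, one exclusion, mixed-case entry.
SAMPLE_ROLE = {"permissions": [{
    "actions": ["Microsoft.KeyVault/vaults/*", "Microsoft.Storage/storageAccounts/read"],
    "notActions": ["Microsoft.KeyVault/vaults/deploy/action"],
    "dataActions": ["Microsoft.KeyVault/vaults/keys/encrypt/action",
                    "microsoft.keyvault/vaults/keys/READ"],
    "notDataActions": [],
}]}

def matches(pattern, operation):
    """Azure RBAC matching: case-insensitive, '*' is the only wildcard."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None

def granted(operation, block, allow_key, deny_key):
    """True if one permissions block allows the operation and does not exclude it."""
    allowed = any(matches(p, operation) for p in block.get(allow_key, []))
    denied = any(matches(p, operation) for p in block.get(deny_key, []))
    return allowed and not denied

def missing_permissions(role, required=REQUIRED, encryption=True):
    """Return the required operations that the role definition does not grant."""
    pairs = [("actions", "notActions")]
    if encryption:  # dataActions are needed only for Key Vault encryption
        pairs.append(("dataActions", "notDataActions"))
    return {
        allow_key: [op for op in required.get(allow_key, [])
                    if not any(granted(op, b, allow_key, deny_key)
                               for b in role["permissions"])]
        for allow_key, deny_key in pairs
    }

if __name__ == "__main__":
    print(missing_permissions(SAMPLE_ROLE))
```
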