This is an archive version of the document. To get the most up-to-date information, see the current version.Permissions
To perform backup and restore operations, accounts that Microsoft Azure Plug-in for Veeam Backup & Replication uses to perform data protection and disaster recovery operations must be granted the following permissions.
Veeam Backup & Replication User Account Permissions
A user account that you plan to use when installing and working with Veeam Backup & Replication must have permissions described in the Veeam Backup & Replication User Guide, section Installing and Using Veeam Backup & Replication.
If you plan to connect to a Microsoft Azure Active Directory using Remote Access Console, you must run the console as administrator.
Veeam Backup for Microsoft Azure User Account Permissions
A user account that will be used by Veeam Backup & Replication to authenticate against the Veeam Backup for Microsoft Azure appliance and get access to the appliance functionality must be assigned the Portal Administrator role. For more information on user roles, see the Veeam Backup for Microsoft Azure User Guide, section Managing Permissions.
Note |
If you deploy a Veeam Backup for Microsoft Azure appliance from the Veeam Backup & Replication console, Veeam Backup & Replication will automatically create the necessary user account that will be assigned all the required permissions. |
You can specify an existing account or instruct Veeam Backup & Replication to create a new account:
- If you instruct Veeam Backup & Replication to create a new account, Veeam Backup & Replication creates an Azure AD application in Microsoft Azure, and automatically assigns the Owner and Key Vault Crypto User roles to the application.
- If you specify an existing account, Veeam Backup & Replication connects to an existing Azure AD application that must be assigned the following set of permissions:
Full List of Permissions
If you plan to perform only upgrade to Veeam Backup for Microsoft Azure 5a using the specified Microsoft Azure compute account, you can assign the account the following granular permissions:
List of Permissions to Upgrade Veeam Backup for Microsoft Azure Appliance to Version 5a
Virtualization Servers and Hosts Service Account Permissions
If you plan to copy backups to on-premises repositories, to perform restore to VMware vSphere and Microsoft Hyper-V environments, or to perform other tasks related to virtualization servers and hosts, you must check whether the service account specified for these servers and hosts has the required permissions described in the Veeam Backup & Replication User Guide for VMware vSphere and Veeam Backup & Replication User Guide for Microsoft Hyper-V, section Using Virtualization Servers and Hosts.
Google Cloud Service Account Permissions
A service account that you plan to use to restore Azure VMs to Google Cloud must have permissions described in the Veeam Backup & Replication User Guide, section Google Compute Engine IAM User Permissions.
An IAM user whose one-time access keys you plan to use to restore Azure VMs to AWS must have permissions described in the Veeam Backup & Replication User Guide, section AWS IAM User Permissions.
