Creating Custom Role for Azure Account

Import-Module Az.Resources

$role = [Microsoft.Azure.Commands.Resources.Models.Authorization.PSRoleDefinition]::new()

$role.Name = 'Veeam Restore Operator'

$role.Description = 'Permissions for Veeam Restore to Microsoft Azure'

$role.IsCustom = $true

$permissions = @(

'Microsoft.Storage/storageAccounts/listkeys/action',

'Microsoft.Storage/storageAccounts/read',

'Microsoft.Network/locations/checkDnsNameAvailability/read',

'Microsoft.Network/virtualNetworks/read',

'Microsoft.Network/virtualNetworks/subnets/join/action',

'Microsoft.Network/publicIPAddresses/read',

'Microsoft.Network/publicIPAddresses/write',

'Microsoft.Network/publicIPAddresses/delete',

'Microsoft.Network/publicIPAddresses/join/action',

'Microsoft.Network/networkInterfaces/read',

'Microsoft.Network/networkInterfaces/write',

'Microsoft.Network/networkInterfaces/delete',

'Microsoft.Network/networkInterfaces/join/action',

'Microsoft.Network/networkSecurityGroups/read',

'Microsoft.Network/networkSecurityGroups/write',

'Microsoft.Network/networkSecurityGroups/delete',

'Microsoft.Network/networkSecurityGroups/join/action',

'Microsoft.Compute/locations/vmSizes/read',

'Microsoft.Compute/locations/usages/read',

'Microsoft.Compute/virtualMachines/read',

'Microsoft.Compute/virtualMachines/write',

'Microsoft.Compute/virtualMachines/delete',

'Microsoft.Compute/virtualMachines/start/action',

'Microsoft.Compute/virtualMachines/deallocate/action',

'Microsoft.Compute/virtualMachines/instanceView/read',

'Microsoft.Compute/virtualMachines/extensions/read',

'Microsoft.Compute/virtualMachines/extensions/write',

"Microsoft.Compute/virtualMachines/convertToManagedDisks/action",

'Microsoft.Compute/disks/read',

'Microsoft.Compute/disks/write',

"Microsoft.Compute/disks/beginGetAccess/action",

"Microsoft.Compute/disks/delete",

"Microsoft.Compute/disks/endGetAccess/action"

'Microsoft.Resources/checkResourceName/action',

'Microsoft.Resources/subscriptions/resourceGroups/read',

'Microsoft.Resources/subscriptions/resourceGroups/write',

'Microsoft.Resources/subscriptions/locations/read')

$role.Actions = $permissions

$role.NotActions = (Get-AzRoleDefinition -Name 'Virtual Machine Contributor').NotActions

$subs = '/subscriptions/00000000-0000-0000-0000-000000000000'  #use your subscription ID

$role.AssignableScopes = $subs

New-AzRoleDefinition -Role $role

Import-Module AzureRm.Resources

$role = [Microsoft.Azure.Commands.Resources.Models.Authorization.PSRoleDefinition]::new()

$role.Name = 'Veeam Restore Operator'

$role.Description = 'Permissions for Veeam Restore to Microsoft Azure'

$role.IsCustom = $true

$permissions = @(

'Microsoft.Storage/storageAccounts/listkeys/action',

'Microsoft.Storage/storageAccounts/read',

'Microsoft.Network/locations/checkDnsNameAvailability/read',

'Microsoft.Network/virtualNetworks/read',

'Microsoft.Network/virtualNetworks/subnets/join/action',

'Microsoft.Network/publicIPAddresses/read',

'Microsoft.Network/publicIPAddresses/write',

'Microsoft.Network/publicIPAddresses/delete',

'Microsoft.Network/publicIPAddresses/join/action',

'Microsoft.Network/networkInterfaces/read',

'Microsoft.Network/networkInterfaces/write',

'Microsoft.Network/networkInterfaces/delete',

'Microsoft.Network/networkInterfaces/join/action',

'Microsoft.Network/networkSecurityGroups/read',

'Microsoft.Network/networkSecurityGroups/write',

'Microsoft.Network/networkSecurityGroups/delete',

'Microsoft.Network/networkSecurityGroups/join/action',

'Microsoft.Compute/locations/vmSizes/read',

'Microsoft.Compute/locations/usages/read',

'Microsoft.Compute/virtualMachines/read',

'Microsoft.Compute/virtualMachines/write',

'Microsoft.Compute/virtualMachines/delete',

'Microsoft.Compute/virtualMachines/start/action',

'Microsoft.Compute/virtualMachines/deallocate/action',

'Microsoft.Compute/virtualMachines/instanceView/read',

'Microsoft.Compute/virtualMachines/extensions/read',

'Microsoft.Compute/virtualMachines/extensions/write',

"Microsoft.Compute/virtualMachines/convertToManagedDisks/action",

'Microsoft.Compute/disks/read',

'Microsoft.Compute/disks/write',

"Microsoft.Compute/disks/beginGetAccess/action",

"Microsoft.Compute/disks/delete",

"Microsoft.Compute/disks/endGetAccess/action"

'Microsoft.Resources/checkResourceName/action',

'Microsoft.Resources/subscriptions/resourceGroups/read',

'Microsoft.Resources/subscriptions/resourceGroups/write',

'Microsoft.Resources/subscriptions/locations/read')

$role.Actions = $permissions

$role.NotActions = (Get-AzureRmRoleDefinition -Name 'Virtual Machine Contributor').NotActions

$subs = '/subscriptions/00000000-0000-0000-0000-000000000000'  #use your subscription ID

$role.AssignableScopes = $subs

New-AzureRmRoleDefinition -Role $role