Required Permissions

In this article

    Make sure user accounts that you plan to use have permissions described in this section:

    Veeam Backup & Replication User Account Permissions

    The user account that you plan to use when installing and working with Veeam Backup & Replication must have permissions described in the Installing and Using Veeam Backup & Replication section in the Veeam Backup & Replication User Guide.

    If you plan to connect to a tenant using Remote Access Console, you must run the console as administrator.

    Azure User Account Permissions

    The Azure user account that you plan to use when deploying a new Veeam Backup for Microsoft Azure appliance or connecting to an existing appliance must have the following permissions:

    • The Azure user account which you use to access the Microsoft Azure Cross-platform Command Line Interface (Azure CLI) must have the Microsoft.Authorization/*/Write permissions assigned in the subscription associated with the backup appliance. For more information on managing role permissions and security in Microsoft Azure, see Microsoft Docs.
    • If you have disabled the Users can register applications option on the Microsoft Azure portal, make sure that the service account has the Application Developer, Application Administrator or Global Administrator role. For more information on role permissions in Azure Active Directory, see Microsoft Docs.
    • The Azure AD application that Microsoft Azure Plug-in for Veeam Backup & Replication uses to access Azure resources must have the Contributor role granted. For more information on Azure AD built-in roles, see Microsoft Docs.

    The Azure user account must be registered in the Global or Government region. Note that the Government region is supported starting from Microsoft Azure Plug-in for Veeam Backup & Replication version 11.0.2.167.

    Azure Storage Account Permissions

    The Azure storage account that you plan to use when connecting to an existing appliance or adding a new Blob storage must have the Storage Account Contributor role granted. For more information on Azure AD built-in roles, see Microsoft Docs.

    AWS User Account Permissions

    The AWS user account that you plan to use when restoring Azure VMs to Amazon EC2 must have permissions described in the AWS IAM User Permissions section of the Veeam Backup & Replication User Guide.

    Permissions for Virtualization Servers and Hosts

    If you plan to copy backups to on-premises repositories, to perform restore to VMware vSphere or Microsoft Hyper-V, or to perform other tasks related to virtualization servers or hosts, you must check that the user account specified for these servers and host has permissions listed in both the Using Virtualization Servers and Hosts section in the Veeam Backup & Replication User Guide for VMware vSphere and in the Using Virtualization Servers and Hosts section in the Veeam Backup & Replication User Guide for Microsoft Hyper-V.