Access Permissions for Direct Connection to Object Storage

To back up data to object storage, you must set up access permissions. General permissions are listed in the Using Object Storage Repositories section in the Veeam Backup & Replication User Guide.

Additional permissions are required for object storage in the Veeam Cloud Connect infrastructure. The list of required permissions differs depending on the selected object storage and the way the SP sets the backup infrastructure. To learn more, see the following subsections:

Amazon S3

Consider the following:

The list of permissions below is required for the following configuration:

If you plan to back up data using the configuration above, make sure the user account that you use to connect to the object storage has the following permissions:

{
 "iam:DeletePolicy",

 "iam:DeletePolicyVersion",

 "iam:DeleteUser",

 "iam:DeleteUserPolicy",

 "iam:DetachUserPolicy",

 "iam:GetPolicy",

 "iam:GetPolicyVersion",

 "iam:GetUser",

 "iam:GetUserPolicy",

 "iam:ListAccessKeys",

 "iam:ListAttachedUserPolicies",

 "iam:ListPolicyVersions",

 "iam:ListUserPolicies",

 "iam:PutUserPolicy",

 "iam:SetDefaultPolicyVersion",

 "iam:TagUser"
}

S3 Compatible Storage (Including IBM Cloud, Wasabi Cloud)

Consider the following:

The list of permissions below is required for the following configuration:

  • You plan to back up data to the S3 compatible storage.
  • Direct connection is selected in the object storage settings. To learn more, see the Specify Object Storage Account section in the Veeam Backup & Replication User Guide.

If you plan to back up data using the configuration above, make sure the user account that you use to connect to the object storage has the following permissions:

{
 "iam:AttachUserPolicy",

 "iam:CreateAccessKey",

 "iam:CreatePolicy",

 "iam:CreatePolicyVersion",

 "iam:CreateUser",

 "iam:DeleteAccessKey",

 "iam:DeletePolicy",

 "iam:DeletePolicyVersion",

 "iam:DeleteUser",

 "iam:DeleteUserPolicy",

 "iam:DetachUserPolicy",

 "iam:GetPolicy",

 "iam:GetPolicyVersion",

 "iam:GetUser",

 "iam:GetUserPolicy",

 "iam:ListAccessKeys",

 "iam:ListAttachedUserPolicies",

 "iam:ListPolicyVersions",

 "iam:ListUserPolicies",

 "iam:PutUserPolicy",

 "iam:SetDefaultPolicyVersion",

 "sts:GetCallerIdentity"
}

 

 

Google Cloud

The list of permissions below is required for the following configuration:

If you plan to back up data using the configuration above, make sure the user account that you specify in the Helper Appliance settings has the following permissions:

{
 "iam.serviceAccounts.create",
 "iam.serviceAccounts.delete",
 "iam.serviceAccounts.get",
 "iam.serviceAccounts.list",
 "storage.buckets.get",
 "storage.buckets.getIamPolicy",
 "storage.buckets.list",
 "storage.buckets.setIamPolicy",
 "storage.buckets.update",
 "storage.hmacKeys.create",
 "storage.hmacKeys.delete",
 "storage.hmacKeys.get",
 "storage.hmacKeys.list",
 "storage.objects.create",
 "storage.objects.delete",
 "storage.objects.get",
 "storage.objects.list"
}

Page updated 4/16/2024

Page content applies to build 12.3.0.310