Required Permissions

    Make sure that the user accounts you plan to use have the permissions described in this section.

    Veeam Backup & Replication User Account Permissions

    The user account that you plan to use when installing and working with Veeam Backup & Replication must have permissions described in the Installing and Using Veeam Backup & Replication section in the Veeam Backup & Replication User Guide.

    IAM Role Permissions

    To add a Veeam Backup for GCP appliance into the backup infrastructure and connect to Google Cloud Storage, GCP Plug-in for Veeam Backup & Replication utilizes the following types of service accounts:

    GCP Plug-in for Veeam Backup & Replication utilizes a Google Cloud Platform service account when you deploy a new Veeam Backup for GCP appliance and connect to an existing Veeam Backup for GCP appliance. This service account must have permissions from the following list.

    List of Permissions

    {
       compute.addresses.list
       compute.firewalls.list
       compute.instances.get
       compute.instances.getGuestAttributes
       compute.instances.setMetadata
       compute.networks.get
       compute.networks.list
       compute.regions.list
       compute.subnetworks.get
       compute.subnetworks.list
       compute.zones.get
       compute.zones.list
       deploymentmanager.deployments.create
       deploymentmanager.deployments.delete
       deploymentmanager.deployments.get
       deploymentmanager.operations.get
       deploymentmanager.resources.list
       iam.roles.create
       iam.serviceAccounts.actAs
       resourcemanager.projects.getIamPolicy
       resourcemanager.projects.setIamPolicy
    }

    For more information on adding this service account, see the Google Cloud Platform Service Account section in the Veeam Backup & Replication User Guide.

    Veeam Backup for GCP utilizes a Google Cloud account to manage and perform data protection and disaster recovery operations with Veeam Backup for GCP and access GCP services and resources. This account is assigned the IAM roles that have permissions described in the following Veeam KB article: KB4062. For more information on adding a Google Cloud account, see the Google Cloud Accounts section in the Veeam Backup & Replication User Guide.

    If you plan to copy image-level backups or to restore guest OS files from image-level backups, make sure that the service accounts specified for standard backup repositories where the image-level backups are stored have permissions described in the Google Cloud Object Storage Permissions section in the Veeam Backup & Replication User Guide. For more information on how to specify credential records of a service account for existing standard backup repositories, see Connecting to Existing Appliance. For more information on how to specify service accounts for new standard backup repositories, see Adding Standard Backup Repository.
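
    The following added example (not part of the Veeam documentation) checks a custom role against the plug-in service account permission list above, reporting missing permissions, permissions beyond the list, and the listed permissions that can change IAM policy or identities. It assumes the role is exported as JSON in the shape returned by `gcloud iam roles describe --format=json`; the role name, the sample data and the `IAM_CHANGING` grouping are constructed for the example.

```python
import json

# Permissions copied from the list on this page.
REQUIRED = frozenset("""
compute.addresses.list compute.firewalls.list compute.instances.get
compute.instances.getGuestAttributes compute.instances.setMetadata
compute.networks.get compute.networks.list compute.regions.list
compute.subnetworks.get compute.subnetworks.list compute.zones.get
compute.zones.list deploymentmanager.deployments.create
deploymentmanager.deployments.delete deploymentmanager.deployments.get
deploymentmanager.operations.get deploymentmanager.resources.list
iam.roles.create iam.serviceAccounts.actAs
resourcemanager.projects.getIamPolicy resourcemanager.projects.setIamPolicy
""".split())

# Listed permissions that can alter IAM policy or identities; candidates for
# audit-log alerting (this grouping is the example's choice, not Veeam's).
IAM_CHANGING = frozenset({
    "iam.roles.create", "iam.serviceAccounts.actAs",
    "resourcemanager.projects.setIamPolicy",
})

def audit_role(role_json: str) -> dict:
    """Compare a role's includedPermissions with the page's required list."""
    role = json.loads(role_json)
    # The example treats a deleted or DISABLED role as granting nothing.
    active = not role.get("deleted", False) and role.get("stage") != "DISABLED"
    granted = set(role.get("includedPermissions", [])) if active else set()
    return {
        "active": active,
        "missing": sorted(REQUIRED - granted),
        "excess": sorted(granted - REQUIRED),
        "iam_changing": sorted(granted & IAM_CHANGING),
    }

# Constructed sample: one required permission absent, one unrelated one present.
SAMPLE_ROLE = json.dumps({
    "name": "projects/example-project/roles/veeamPluginExample",
    "stage": "GA",
    "includedPermissions": sorted(REQUIRED - {"compute.zones.get"})
                           + ["storage.buckets.delete"],
})

if __name__ == "__main__":
    for key, value in audit_role(SAMPLE_ROLE).items():
        print(f"{key}: {value}")
```
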

    Appliance User Role Permissions

    When connecting to an existing Veeam Backup for GCP appliance, you must specify credentials of a user that has administrative privileges on the Veeam Backup for GCP appliance. GCP Plug-in for Veeam Backup & Replication uses credentials of this service account to authenticate against the appliance and get access to appliance functionality. The service account must be the Default Administrator created during the initial configuration of the appliance or another service account with the Backup Administrator role. For more information on roles, see the Managing Permissions section in the Veeam Backup for GCP User Guide.

    Permissions for Virtualization Servers and Hosts

    If you plan to copy backups to on-premises repositories, to perform restore to VMware vSphere or Microsoft Hyper-V, or to perform other tasks related to virtualization servers or hosts, you must check that the service account specified for these servers and hosts has the required permissions. These permissions are listed in the Using Virtualization Servers and Hosts section in the User Guide for VMware vSphere and in the Using Virtualization Servers and Hosts section in the User Guide for Microsoft Hyper-V.

    Azure User Account Permissions

    The Azure user account that you plan to use when restoring VM instances to Microsoft Azure must have the permissions described in step 5 of the Adding Microsoft Azure Accounts section in the Veeam Backup & Replication User Guide.

    AWS IAM User Account Permissions

    The IAM user account that you plan to use when restoring VM instances to Amazon EC2 must have permissions described in the AWS IAM User Permissions section in the Veeam Backup & Replication User Guide.