Veeam Backup for Microsoft Azure 8.1
User Guide
Related documents
Search

Permissions Changelog

This section describes the latest changes in service account permissions required for Veeam Backup for Microsoft Azure to perform operations.

When you update Veeam Backup for Microsoft Azure version 8 to version 8.1, consider that service accounts must be assigned additional permissions:

  • For Veeam Backup for Microsoft Azure to be able to automatically create private endpoints when protecting Azure SQL databases and Cosmos DB accounts that have public access disabled, service accounts must be additionally assigned the following permissions:

"Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnectionsApproval/action",

"Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnections/read",

"Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnections/write",

"Microsoft.DocumentDB/databaseAccounts/PrivateEndpointConnectionsApproval/action",

"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/read",

"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/write",

"Microsoft.Sql/ManagedInstances/privateEndpointConnections/read",

"Microsoft.Sql/ManagedInstances/privateEndpointConnections/write",

"Microsoft.Sql/servers/privateEndpointConnections/read",

"Microsoft.Sql/servers/privateEndpointConnections/write",

"Microsoft.Sql/servers/PrivateEndpointConnectionsApproval/action"

  • For Veeam Backup for Microsoft Azure to be able to manage Azure storage accounts that have Shared Key authorization disabled, service accounts must be additionally assigned the following permission:

"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"

  • For Veeam Backup for Microsoft Azure to be able to delete temporary containers in Veeam storage accounts when performing file-level recovery to the original location, service accounts must be additionally assigned the following permission:

"Microsoft.Storage/storageAccounts/blobServices/containers/delete"

  • For Veeam Backup for Microsoft Azure to be able to manage Azure storage accounts that have Shared Key authorization disabled, service accounts must be additionally assigned the following dataActions:

"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action",

"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",

"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",

"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"

Page updated 9/1/2025

Page content applies to build 8.0.1.178

View all results across Veeam Help Center
Back to document search