This is an archive version of the document. To get the most up-to-date information, see the current version.

Azure Repository Account Permissions

To manage backup repositories residing in Azure blob containers, Azure repository accounts must have the following permissions:

"permissions": [
  {
    "actions": [
      "Microsoft.Authorization/roleAssignments/read",
      "Microsoft.Resources/subscriptions/resourceGroups/read",
      "Microsoft.Storage/storageAccounts/read",
      "Microsoft.Storage/storageAccounts/listKeys/action",
      "Microsoft.Storage/storageAccounts/blobServices/read",
      "Microsoft.Authorization/roleDefinitions/write",
      "Microsoft.KeyVault/vaults/read",
      "Microsoft.KeyVault/vaults/keys/versions/read",
      "Microsoft.KeyVault/vaults/deploy/action"
    ]
  }
]

To encrypt data stored in a backup repository using the Azure Key Vault Service, a repository account used to create the backup repository must be assigned the following permissions:

"dataActions": [
  "Microsoft.KeyVault/vaults/keys/read",
  "Microsoft.KeyVault/vaults/keys/encrypt/action",
  "Microsoft.KeyVault/vaults/keys/decrypt/action"
]
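
The following check is an added example, not part of the original documentation or the vendor's code: it reports which of the operations listed above a role definition fails to grant. It assumes the role is a single JSON object with a "permissions" array in the layout shown above, and that wildcard and notActions/notDataActions entries follow standard Azure RBAC matching; the function names and the sample role are constructed for illustration.

```python
import json
import re
# Required operations, copied from the two lists on this page.
REQUIRED_ACTIONS = [
    "Microsoft.Authorization/roleAssignments/read",
    "Microsoft.Resources/subscriptions/resourceGroups/read",
    "Microsoft.Storage/storageAccounts/read",
    "Microsoft.Storage/storageAccounts/listKeys/action",
    "Microsoft.Storage/storageAccounts/blobServices/read",
    "Microsoft.Authorization/roleDefinitions/write",
    "Microsoft.KeyVault/vaults/read",
    "Microsoft.KeyVault/vaults/keys/versions/read",
    "Microsoft.KeyVault/vaults/deploy/action",
]
REQUIRED_DATA_ACTIONS = [
    "Microsoft.KeyVault/vaults/keys/read",
    "Microsoft.KeyVault/vaults/keys/encrypt/action",
    "Microsoft.KeyVault/vaults/keys/decrypt/action",
]

def _matches(pattern, operation):
    # Azure RBAC entries are case-insensitive and may contain '*' wildcards.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None

def _granted(op, allow, deny):
    # Effective when an allow entry matches and no not* entry in the same block does.
    return any(_matches(p, op) for p in allow) and not any(_matches(p, op) for p in deny)

def missing_permissions(role_json, key_vault_encryption=True):
    """Return {"actions": [...], "dataActions": [...]} of required operations not granted."""
    blocks = json.loads(role_json).get("permissions", [])
    checks = [(REQUIRED_ACTIONS, "actions", "notActions")]
    if key_vault_encryption:  # dataActions are needed only for Key Vault encryption
        checks.append((REQUIRED_DATA_ACTIONS, "dataActions", "notDataActions"))
    missing = {}
    for required, allow_key, deny_key in checks:
        gaps = [op for op in required if not any(
            _granted(op, b.get(allow_key) or [], b.get(deny_key) or []) for b in blocks)]
        if gaps:
            missing[allow_key] = gaps
    return missing

# Constructed sample: wildcards cover most actions, listKeys is excluded, no dataActions.
SAMPLE_ROLE = json.dumps({"permissions": [{
    "actions": ["Microsoft.Storage/storageAccounts/*", "*/read",
                "Microsoft.Authorization/roleDefinitions/write",
                "microsoft.keyvault/vaults/deploy/action"],
    "notActions": ["Microsoft.Storage/storageAccounts/listKeys/action"]}]})
```

An empty result means every required operation is granted; for the constructed sample the result names the excluded listKeys action and all three Key Vault data actions.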