This is an archive version of the document. To get the most up-to-date information, see the current version.Azure Repository Account Permissions
The following permissions are required for Azure repository accounts to manage backup repositories residing in Azure blob containers. The dataActions list of permissions is required only if you plan to encrypt data stored in a backup repository using the Azure Key Vault Service.
{ "permissions": [ { "actions": [ "Microsoft.Authorization/roleAssignments/read", "Microsoft.KeyVault/vaults/deploy/action", "Microsoft.KeyVault/vaults/keys/versions/read", "Microsoft.KeyVault/vaults/read", "Microsoft.Network/privateEndpoints/delete", "Microsoft.Network/privateEndpoints/read", "Microsoft.Network/privateEndpoints/write", "Microsoft.Network/privateLinkServices/privateEndpointConnections/read", "Microsoft.Network/privateLinkServices/privateEndpointConnections/write", "Microsoft.Network/privateLinkServices/privateEndpointConnections/delete", "Microsoft.Resources/subscriptions/resourceGroups/read", "Microsoft.Storage/storageAccounts/blobServices/read", "Microsoft.Storage/storageAccounts/listKeys/action", "Microsoft.Storage/storageAccounts/privateEndpointConnections/write", "Microsoft.Storage/storageAccounts/PrivateEndpointConnectionsApproval/action", "Microsoft.Storage/storageAccounts/read" ], "notActions": [], "dataActions": [ "Microsoft.KeyVault/vaults/keys/encrypt/action", "Microsoft.KeyVault/vaults/keys/decrypt/action", "Microsoft.KeyVault/vaults/keys/read"
], "notDataActions": [] } ] } |