Repository Permissions
To allow Veeam Backup for Microsoft Azure to create a backup repository in an Azure blob container and to access the repository when performing backup and restore operations, the service account that will be used to manage the backup repository must have the following permissions:
{ "permissions": [ { "actions": [ "Microsoft.Authorization/roleAssignments/read", "Microsoft.Compute/diskAccesses/delete", "Microsoft.Compute/diskAccesses/privateEndpointConnections/read", "Microsoft.Compute/diskAccesses/privateEndpointConnections/write", "Microsoft.Compute/diskAccesses/PrivateEndpointConnectionsApproval/action", "Microsoft.Compute/diskAccesses/read", "Microsoft.Compute/diskAccesses/write", "Microsoft.KeyVault/vaults/deploy/action", "Microsoft.KeyVault/vaults/keys/versions/read", "Microsoft.KeyVault/vaults/read", "Microsoft.Network/privateEndpoints/delete", "Microsoft.Network/privateEndpoints/read", "Microsoft.Network/privateEndpoints/write", "Microsoft.Network/privateLinkServices/privateEndpointConnections/delete", "Microsoft.Network/privateLinkServices/privateEndpointConnections/read", "Microsoft.Network/privateLinkServices/privateEndpointConnections/write", "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action", "Microsoft.Resources/subscriptions/resourceGroups/read", "Microsoft.Storage/storageAccounts/blobServices/containers/read", "Microsoft.Storage/storageAccounts/blobServices/containers/write", "Microsoft.Storage/storageAccounts/blobServices/read", "Microsoft.Storage/storageAccounts/listKeys/action", "Microsoft.Storage/storageAccounts/privateEndpointConnections/write", "Microsoft.Storage/storageAccounts/PrivateEndpointConnectionsApproval/action", "Microsoft.Storage/storageAccounts/read" ], "notActions": [], "dataActions": [ "Microsoft.KeyVault/vaults/keys/decrypt/action", "Microsoft.KeyVault/vaults/keys/encrypt/action", "Microsoft.KeyVault/vaults/keys/read"
], "notDataActions": [] } ] } |