Step 5. Select Account Roles

At the Roles step of the wizard, you can define specific operations that Veeam Backup for Microsoft Azure will be able to perform using permissions of the service account:

1. Set the Enable granular role assignment toggle to On and click Edit Roles.
2. In the Management roles section, choose actions that will be performed using the service account:

• Worker management — permissions of this service account will be used to launch worker instances. If you create a service account of this type, you will be able to select it when managing worker configurations.
• Repository management — permissions of this service account will be used to create new repositories in target Azure blob containers and to further access the repositories during data protection and disaster recovery operations. If you create a service account of this type, you will be able to select it when configuring repository settings.

3. In the Operational roles section, choose resources that will be protected using permissions of the service account, and operations that will be performed with these resources:

• If you select the Backup operation, you will be able to specify the service account when performing VM backup, SQL backup, Cosmos DB backup and virtual network configuration backup.
• If you select the Snapshot operation, you will be able to specify the service account when performing VM backup and Azure Files backup.
• If you select the Restore operation, you will be able to specify the service account when performing VM restore, SQL restore, file share restore, Cosmos DB restore and virtual network configuration restore.