Step 4. Select Account Roles

At the Roles step of the wizard, you can define specific operations that Veeam Backup for Microsoft Azure will be able to perform using permissions of the service account. To do that:

  1. Set the Enable granular role assignment toggle to On and click Edit Roles.
  2. In the Management roles section, choose a type of the service account:
  • Worker management — permissions of this service account will be used to launch worker instances. If you create a service account of this type, you will be able to select it when managing worker configurations.
  • Repository management — permissions of this service account will be used to create new repositories in target Azure blob containers and further to access the repositories during data protection and disaster recovery operations. If you create a service account of this type, you will be able to select it when configuring repository settings.
  1. In the Operational roles section, choose resources that will be protected using permissions of the service account, and operations that will be performed with these resources:

Important

Keep in mind that Veeam Backup for Microsoft Azure does not grant any permissions automatically, unless you have selected the Create service account automatically option at step 3 of the wizard. That is why it is recommended that you check whether the added service account has all the permissions required to perform operations with the selected resources, as described in section Checking Service Account Permissions.

Selecting Service Account Roles