Veeam Backup for Microsoft Azure 6.0
User Guide
Related documents
Search

Azure VM Permissions

To allow Veeam Backup for Microsoft Azure to protect Azure VMs, the service account that will be used for backup and restore operations with these VMs must have the following permissions.

Azure VM Snapshot and Backup Permissions

{

"permissions": [

       {

       "actions": [

               "Microsoft.Authorization/roleAssignments/read",

               "Microsoft.Compute/disks/beginGetAccess/action",

               "Microsoft.Compute/disks/endGetAccess/action",

               "Microsoft.Compute/disks/read",

               "Microsoft.Compute/snapshots/beginGetAccess/action",

               "Microsoft.Compute/snapshots/delete",

               "Microsoft.Compute/snapshots/endGetAccess/action",

               "Microsoft.Compute/snapshots/read",

               "Microsoft.Compute/snapshots/write",

               "Microsoft.Compute/virtualMachines/read",

               "Microsoft.Compute/virtualMachines/runCommand/action",

               "Microsoft.DevTestLab/Schedules/read",

               "Microsoft.Network/loadBalancers/read",

               "Microsoft.Network/networkInterfaces/read",

               "Microsoft.Network/networkSecurityGroups/read",

               "Microsoft.Network/publicIPAddresses/read",

               "Microsoft.Network/routeTables/join/action",

               "Microsoft.Network/virtualNetworks/read",

               "Microsoft.Resources/subscriptions/resourceGroups/read"

       ],

       "notActions": [],

       "dataActions": [],

       "notDataActions": []

       }

   ]

}

Azure VM Restore Permissions

{

"permissions": [

       {

       "actions": [

               "Microsoft.Authorization/locks/Read",

               "Microsoft.Authorization/roleAssignments/read",

               "Microsoft.Compute/availabilitySets/read",

               "Microsoft.Compute/availabilitySets/vmSizes/read",

               "Microsoft.Compute/diskAccesses/delete",

               "Microsoft.Compute/diskAccesses/privateEndpointConnections/read",

               "Microsoft.Compute/diskAccesses/privateEndpointConnections/write",

               "Microsoft.Compute/diskAccesses/PrivateEndpointConnectionsApproval/action",

               "Microsoft.Compute/diskAccesses/read",

               "Microsoft.Compute/diskAccesses/write",

               "Microsoft.Compute/diskEncryptionSets/read",

               "Microsoft.Compute/disks/beginGetAccess/action",

               "Microsoft.Compute/disks/delete",

               "Microsoft.Compute/disks/endGetAccess/action",

               "Microsoft.Compute/disks/read",

               "Microsoft.Compute/disks/write",

               "Microsoft.Compute/snapshots/read",

               "Microsoft.Compute/virtualMachines/deallocate/action",

               "Microsoft.Compute/virtualMachines/delete",

               "Microsoft.Compute/virtualMachines/read",

               "Microsoft.Compute/virtualMachines/runCommand/action",

               "Microsoft.Compute/virtualMachines/write",

               "Microsoft.DevTestLab/Schedules/write",

               "Microsoft.Network/loadBalancers/backendAddressPools/join/action",

               "Microsoft.Network/networkInterfaces/delete",

               "Microsoft.Network/networkInterfaces/join/action",

               "Microsoft.Network/networkInterfaces/read",

               "Microsoft.Network/networkInterfaces/write",

               "Microsoft.Network/networkSecurityGroups/join/action",

               "Microsoft.Network/networkSecurityGroups/read",

               "Microsoft.Network/privateEndpoints/delete",

               "Microsoft.Network/privateEndpoints/read",

               "Microsoft.Network/privateEndpoints/write",

               "Microsoft.Network/privateLinkServices/privateEndpointConnections/delete",

               "Microsoft.Network/privateLinkServices/privateEndpointConnections/read",

               "Microsoft.Network/privateLinkServices/privateEndpointConnections/write",

               "Microsoft.Network/publicIPAddresses/join/action",

               "Microsoft.Network/publicIPAddresses/read",

               "Microsoft.Network/publicIPAddresses/write",

               "Microsoft.Network/virtualNetworks/checkIpAddressAvailability/read",

               "Microsoft.Network/virtualNetworks/read",

               "Microsoft.Network/virtualNetworks/subnets/join/action",

               "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",

               "Microsoft.Network/virtualNetworks/write",

               "Microsoft.Resources/subscriptions/resourceGroups/delete",

               "Microsoft.Resources/subscriptions/resourceGroups/moveResources/action",

               "Microsoft.Resources/subscriptions/resourceGroups/read",

               "Microsoft.Resources/subscriptions/resourceGroups/validateMoveResources/action",

               "Microsoft.Resources/subscriptions/resourceGroups/write",

               "Microsoft.Storage/storageAccounts/privateEndpointConnections/write",

               "Microsoft.Storage/storageAccounts/PrivateEndpointConnectionsApproval/action"

       ],

       "notActions": [],

       "dataActions": [],

       "notDataActions": []

       }

   ]

}

View all results across Veeam
Back to document search