Worker Permissions

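To allow Veeam Backup for Microsoft Azure to launch a worker instance in an Azure AD tenant and to access the instance when performing backup and restore operations, the service account that will be used to manage the worker instance must have the permissions listed below. The list is written in the format of the `permissions` section of an Azure custom role definition. It includes actions that return access keys (`Microsoft.Storage/storageAccounts/listKeys/action` and `Microsoft.ServiceBus/namespaces/queues/authorizationRules/ListKeys/action`), as well as write and delete rights on compute, network and storage resources. The service account should therefore be handled as a privileged identity: assign the role at the narrowest scope the deployment allows, and include the account in credential protection and activity-log monitoring.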

{

"permissions": [

       {

       "actions": [

               "Microsoft.Authorization/roleAssignments/read",

               "Microsoft.Commerce/RateCard/read",

               "Microsoft.Compute/diskAccesses/delete",

               "Microsoft.Compute/diskAccesses/privateEndpointConnections/read",

               "Microsoft.Compute/diskAccesses/privateEndpointConnections/write",

               "Microsoft.Compute/diskAccesses/PrivateEndpointConnectionsApproval/action",

               "Microsoft.Compute/diskAccesses/read",

               "Microsoft.Compute/diskAccesses/write",

               "Microsoft.Compute/disks/delete",

               "Microsoft.Compute/disks/read",

               "Microsoft.Compute/disks/write",

               "Microsoft.Compute/virtualMachines/deallocate/action",

               "Microsoft.Compute/virtualMachines/delete",

               "Microsoft.Compute/virtualMachines/extensions/read",

               "Microsoft.Compute/virtualMachines/extensions/write",

               "Microsoft.Compute/virtualMachines/read",

               "Microsoft.Compute/virtualMachines/start/action",

               "Microsoft.Compute/virtualMachines/write",

               "Microsoft.Insights/eventtypes/values/Read",

               "Microsoft.Insights/MetricDefinitions/Read",

               "Microsoft.Insights/Metrics/Read",

               "Microsoft.Network/networkInterfaces/delete",

               "Microsoft.Network/networkInterfaces/join/action",

               "Microsoft.Network/networkInterfaces/read",

               "Microsoft.Network/networkInterfaces/write",

               "Microsoft.Network/networkSecurityGroups/join/action",

               "Microsoft.Network/networkSecurityGroups/read",

               "Microsoft.Network/privateEndpoints/delete",

               "Microsoft.Network/privateEndpoints/read",

               "Microsoft.Network/privateEndpoints/write",

               "Microsoft.Network/privateLinkServices/privateEndpointConnections/delete",

               "Microsoft.Network/privateLinkServices/privateEndpointConnections/read",

               "Microsoft.Network/privateLinkServices/privateEndpointConnections/write",

               "Microsoft.Network/publicIPAddresses/delete",

               "Microsoft.Network/publicIPAddresses/join/action",

               "Microsoft.Network/publicIPAddresses/read",

               "Microsoft.Network/publicIPAddresses/write",

               "Microsoft.Network/virtualNetworks/delete",

               "Microsoft.Network/virtualNetworks/read",

               "Microsoft.Network/virtualNetworks/subnets/join/action",

               "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",

               "Microsoft.Network/virtualNetworks/write",

               "Microsoft.Resources/subscriptions/resourceGroups/read",

               "Microsoft.ServiceBus/namespaces/delete",

               "Microsoft.ServiceBus/namespaces/networkrulesets/delete",

               "Microsoft.ServiceBus/namespaces/networkrulesets/read",

               "Microsoft.ServiceBus/namespaces/networkrulesets/write",

               "Microsoft.ServiceBus/namespaces/operationresults/read",

               "Microsoft.ServiceBus/namespaces/queues/authorizationRules/ListKeys/action",

               "Microsoft.ServiceBus/namespaces/queues/authorizationRules/read",

               "Microsoft.ServiceBus/namespaces/queues/authorizationRules/write",

               "Microsoft.ServiceBus/namespaces/queues/delete",

               "Microsoft.ServiceBus/namespaces/queues/read",

               "Microsoft.ServiceBus/namespaces/queues/write",

               "Microsoft.ServiceBus/namespaces/read",

               "Microsoft.ServiceBus/namespaces/write",

               "Microsoft.ServiceBus/register/action",

               "Microsoft.Storage/storageAccounts/blobServices/containers/read",

               "Microsoft.Storage/storageAccounts/blobServices/containers/write",

               "Microsoft.Storage/storageAccounts/blobServices/read",

               "Microsoft.Storage/storageAccounts/listKeys/action",

               "Microsoft.Storage/storageAccounts/managementPolicies/write",

               "Microsoft.Storage/storageAccounts/privateEndpointConnections/write",

               "Microsoft.Storage/storageAccounts/PrivateEndpointConnectionsApproval/action",

               "Microsoft.Storage/storageAccounts/queueServices/queues/delete",

               "Microsoft.Storage/storageAccounts/queueServices/queues/read",

               "Microsoft.Storage/storageAccounts/queueServices/queues/write",

               "Microsoft.Storage/storageAccounts/read",

               "Microsoft.Storage/storageAccounts/write"

       ],

       "notActions": [],

       "dataActions": [

               "Microsoft.Storage/storageAccounts/queueServices/queues/messages/delete",

               "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",

               "Microsoft.Storage/storageAccounts/queueServices/queues/messages/write"

 

       ],

       "notDataActions": []

       }

   ]

}