Plug-In Permissions
To perform backup and restore operations, accounts that Google Cloud Plug-in for Veeam Backup & Replication uses to perform data protection and disaster recovery operations must be granted the following permissions.
Veeam Backup & Replication User Account Permissions
A user account that you use when installing and working with Veeam Backup & Replication must have the permissions listed in the Veeam Backup & Replication User Guide, section Installing and Using Veeam Backup & Replication.
Veeam Backup for Google Cloud User Account Permissions
A user account that Veeam Backup & Replication uses to authenticate against a backup appliance and get access to the appliance functionality must be assigned the Portal Administrator role. For more information on user roles, see Managing User Accounts.
Note |
When you deploy a backup appliance from the Veeam Backup & Replication console, Veeam Backup & Replication automatically creates the necessary user account that is assigned all the required permissions. |
Google Cloud Service Account Permissions
Google Cloud Plug-in for Veeam Backup & Replication requires the following service accounts:
- A service account whose permissions are used to create, connect and manage backup appliances. You can create this account manually in Google Cloud or instruct Veeam Backup & Replication to create the account automatically.
If you instruct Veeam Backup & Replication to create the service account automatically, the account is assigned the Owner role with a wide scope of permissions and capabilities. If you create a new service account in Google Cloud manually, consider that the service account must have the following minimal set of permissions:
List of permissions
|
After you create a service account in Google Cloud, you must add it to Veeam Backup & Replication as described in the Veeam Backup & Replication User Guide, section Google Cloud Platform Service Account.
- A service account whose permissions are used to perform data protection and disaster recovery operations with Google Cloud resources.
- When you deploy a new backup appliance, the default service account is automatically created on this appliance and is assigned all the required permissions.
- When you connect to an existing backup appliance, Google Cloud Plug-in for Veeam Backup & Replication uses a service account with a set of predefined permissions that has already been created on this appliance.
Virtualization Servers and Hosts Service Account Permissions
If you plan to copy backups to on-premises repositories, to perform restore to VMware vSphere and Microsoft Hyper-V environments, or to perform other tasks related to virtualization servers and hosts, you must check whether the service account specified for these servers and hosts has the required permissions described in the Veeam Backup & Replication User Guide for VMware vSphere and Veeam Backup & Replication User Guide for Microsoft Hyper-V, section Using Virtualization Servers and Hosts.
Microsoft Azure Account Permissions
An Azure AD application that you plan to use to restore VM instances to Microsoft Azure must have permissions described in the Veeam Backup & Replication User Guide, section Permissions.
An IAM user whose one-time access keys you plan to use to perform restore of VM instances to Amazon EC2 must have permissions described in the Veeam Backup & Replication User Guide, section AWS IAM User Permissions.