Restore Permissions
To allow Veeam Backup for Google Cloud to perform restore operations, the service account associated with the Google Cloud project that will be used to manage the restored instances must have the following permissions.
VM Restore Permissions
compute.addresses.list compute.disks.create compute.disks.get compute.disks.setLabels compute.disks.use compute.disks.delete compute.disks.useReadOnly compute.firewalls.list compute.globalOperations.list compute.globalOperations.get compute.instances.create compute.instances.delete compute.instances.get compute.instances.setLabels compute.instances.setMachineResources compute.instances.setMetadata compute.instances.setMinCpuPlatform compute.instances.setScheduling compute.instances.setServiceAccount compute.instances.setTags compute.instances.start compute.instances.stop compute.instances.updateDisplayDevice compute.instances.updateNetworkInterface compute.instances.setDeletionProtection compute.machineTypes.list compute.networks.list compute.projects.get compute.regionOperations.get compute.regions.get compute.regions.list compute.snapshots.create compute.snapshots.delete compute.snapshots.get compute.snapshots.getIamPolicy compute.snapshots.list compute.snapshots.setLabels compute.snapshots.useReadOnly compute.subnetworks.list compute.subnetworks.use compute.subnetworks.useExternalIp compute.zoneOperations.get compute.zones.get compute.zones.list iam.serviceAccounts.actAs iam.serviceAccounts.list resourcemanager.projects.get cloudkms.cryptoKeys.list cloudkms.keyRings.list compute.addresses.use compute.addresses.useInternal compute.disks.list compute.instances.list compute.routes.list cloudkms.cryptoKeys.setIamPolicy cloudkms.cryptoKeys.getIamPolicy serviceusage.services.list |
Important |
The ability to rename VM instances is currently in pre-GA state. For more information, see Google Cloud documentation.
To learn how to provide access to Shared VPC networks, see Google Cloud documentation. |
Cloud SQL Restore Permissions
cloudkms.cryptoKeys.getIamPolicy cloudkms.cryptoKeys.list cloudkms.cryptoKeys.setIamPolicy cloudkms.keyRings.list cloudsql.backupRuns.get cloudsql.instances.create cloudsql.instances.get cloudsql.instances.import cloudsql.instances.restoreBackup cloudsql.instances.update compute.firewalls.list compute.networks.list compute.projects.get compute.regions.list compute.routes.list compute.subnetworks.list compute.zones.list cloudsql.backupRuns.list cloudsql.databases.create cloudsql.databases.list cloudsql.instances.list cloudsql.users.create cloudsql.users.list cloudsql.users.update pubsub.subscriptions.consume pubsub.subscriptions.create pubsub.subscriptions.delete pubsub.subscriptions.get pubsub.subscriptions.list pubsub.topics.attachSubscription pubsub.topics.create pubsub.topics.delete pubsub.topics.detachSubscription pubsub.topics.get pubsub.topics.list serviceusage.services.list cloudsql.backupRuns.create cloudsql.backupRuns.delete cloudsql.databases.get |
Important |
To allow Veeam Backup for Google Cloud to access a MySQL instance while performing restore, the service account associated with the project to which the instance belongs must also have the cloudsql.instances.login permission assigned. |
Cloud Spanner Restore Permissions
spanner.backupOperations.get spanner.backups.get spanner.backups.restoreDatabase spanner.backups.delete spanner.databaseOperations.get spanner.databases.create spanner.databases.list spanner.databases.update spanner.instanceConfigOperations.get spanner.instanceConfigs.create spanner.instanceConfigs.delete spanner.instanceConfigs.get spanner.instanceConfigs.list spanner.instanceOperations.get spanner.instances.create spanner.instances.delete spanner.instances.get spanner.instances.list cloudkms.cryptoKeys.getIamPolicy cloudkms.cryptoKeys.list cloudkms.cryptoKeys.setIamPolicy cloudkms.keyRings.list compute.projects.get monitoring.timeSeries.list resourcemanager.projects.get spanner.databases.get spanner.databases.updateDdl spanner.databases.beginOrRollbackReadWriteTransaction spanner.databases.beginReadOnlyTransaction spanner.databases.write spanner.databases.select spanner.sessions.create spanner.sessions.delete pubsub.subscriptions.consume pubsub.subscriptions.create pubsub.subscriptions.delete pubsub.subscriptions.get pubsub.subscriptions.list pubsub.topics.attachSubscription pubsub.topics.create pubsub.topics.delete pubsub.topics.detachSubscription pubsub.topics.get pubsub.topics.list, serviceusage.services.list resourcemanager.projects.get resourcemanager.projects.getIamPolicy resourcemanager.projects.setIamPolicy |