This is an archive version of the document. To get the most up-to-date information, see the current version.

Required Permissions

Make sure user accounts that you plan to use have permissions described in this section.

Veeam Backup & Replication User Account Permissions

The user account that you plan to use when installing and working with Veeam Backup & Replication must have permissions described in the Installing and Using Veeam Backup & Replication section in the Veeam Backup & Replication User Guide.

IAM Role Permissions

To add a Veeam Backup for Google Cloud appliance into the backup infrastructure and connect to Google Cloud Storage, Google Cloud Plug-in for Veeam Backup & Replication utilizes the following types of service accounts:

Google Cloud Service Accounts

Google Cloud Plug-in for Veeam Backup & Replication utilizes a Google Cloud Platform service account when you deploy a new Veeam Backup for Google Cloud appliance and connect to an existing Veeam Backup for Google Cloud appliance. This service account must have permissions from the following list.

Required Permissions List of Permissions

{

compute.addresses.list

compute.disks.create

compute.disks.createSnapshot

compute.disks.delete

compute.disks.get

compute.disks.setLabels

compute.disks.use

compute.firewalls.list

compute.globalOperations.get

compute.instances.attachDisk

compute.instances.detachDisk

compute.instances.get

compute.instances.getGuestAttributes

compute.instances.list

compute.instances.setMetadata

compute.instances.start

compute.instances.stop

compute.networks.get

compute.networks.list

compute.projects.get

compute.regions.get

compute.regions.list

compute.snapshots.create

compute.snapshots.delete

compute.snapshots.get

compute.snapshots.useReadOnly

compute.subnetworks.get

compute.subnetworks.list

compute.zoneOperations.get

compute.zones.get

compute.zones.list

deploymentmanager.deployments.create

deploymentmanager.deployments.delete

deploymentmanager.deployments.get

deploymentmanager.operations.get

deploymentmanager.resources.list

iam.roles.create

iam.serviceAccounts.actAs

resourcemanager.projects.getIamPolicy

resourcemanager.projects.setIamPolicy

storage.buckets.create

}

For more information on adding this service account, see the Google Cloud Platform Service Account section in the Veeam Backup & Replication User Guide.

Google Cloud Account

Veeam Backup for Google Cloud utilizes a Google Cloud account to manage and perform data protection and disaster recovery operations with Veeam Backup for Google Cloud and access Google Cloud services and resources. This account is assigned the IAM roles that have permissions described in the following Veeam KB article: KB4062. For more information on adding Google Cloud account, see the Google Cloud Accounts section in the Veeam Backup & Replication User Guide.

If you plan to copy image-level backups or to restore guest OS files from image-level backups, make sure that the service accounts specified for standard backup repositories where the image-level backups are stored have permissions described in the Google Cloud Object Storage Permissions section in the Veeam Backup & Replication User Guide. For more information on how to specify credential records of a service account for existing standard backup repositories, see Connecting to Existing Appliance. For more information on how to specify service accounts for new standard backup repositories, see Adding Standard Backup Repository.

Appliance User Role Permissions

When connecting to an existing Veeam Backup for Google Cloud appliance, you must specify credentials of a user that has administrative privileges on the Veeam Backup for Google Cloud appliance. Google Cloud Plug-in for Veeam Backup & Replication uses credentials of this service account to authenticate against the appliance and get access to appliance functionality. The service account must be the Default Administrator created during the initial configuration of the appliance or another service account with Backup Administrator role. For more information on roles, see the Managing Permissions section in the Veeam Backup for Google Cloud User Guide.

Permissions for Virtualization Servers and Hosts

If you plan to copy backups to on-premises repositories, to perform restore to VMware vSphere or Microsoft Hyper-V, or to perform other tasks related to virtualization servers or hosts, you must check that the service account specified for these servers and hosts has the required permissions. These permissions are listed in the Using Virtualization Servers and Hosts section in the User Guide for VMware vSphere and in the Using Virtualization Servers and Hosts section in the User Guide for Microsoft Hyper-V.

Azure User Account Permissions

The Azure user account that you plan to use when restoring VM instances to Microsoft Azure must have the Contributor role permissions. If the Contributor role cannot be used, you can create a custom role with minimal permissions. For more information, see the Creating Custom Role for Azure Account section in the Veeam Backup & Replication User Guide. If you select to use an Azure AD application, Veeam Backup & Replication registers a new AD application that is assigned the Owner role in Microsoft Azure. For more information, see the Using Azure AD Application section in the Veeam Backup & Replication User Guide.

AWS IAM User Account Permissions

The IAM user account that you plan to use when restoring VM instances to Amazon EC2 must have permissions described in the AWS IAM User Permissions section in the Veeam Backup & Replication User Guide.