AzRoleAdvertizer

last sync: 2025-Apr-29 17:15:48 UTC

Backup Operator

Azure BuiltIn RBAC Role definition

Name

Backup Operator
Microsoft Learn

00c29273-979b-4161-815c-10b084fb9324

Description

Lets you manage backup services, except removal of backup, vault creation and giving access to others

Category

Storage
Microsoft Learn

CreatedOn

2017-01-03 13:21:11 UTC

UpdatedOn

2025-01-27 16:01:21 UTC

Permissions summary

Effective control plane and data plane operations: 152 (unique operations)
•action: 39
•delete: 3
•read: 96
•write: 14

Actions: 103
Resolved control plane operations from Actions: 152
Effective control plane operations: 152
•action: 39
•delete: 3
•read: 96
•write: 14

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 16338

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3371

Actions

Operation	Description
Microsoft.Authorization/*/read	wildcarded / no description
Microsoft.DataProtection/backupVaults/backupInstances/backup/action	Performs Backup on the Backup Instance
Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action	Finds Restorable Time Ranges
Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read	Returns Backup Operation Result for Backup Vault.
Microsoft.DataProtection/backupVaults/backupInstances/read	Returns all Backup Instances
Microsoft.DataProtection/backupVaults/backupInstances/read	Returns all Backup Instances
Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read	Returns all Recovery Points
Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read	Returns all Recovery Points
Microsoft.DataProtection/backupVaults/backupInstances/restore/action	Triggers restore on the Backup Instance
Microsoft.DataProtection/backupVaults/backupInstances/validateForModifyBackup/action	Validates for modification of Backup Instance
Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action	Validates for Restore of the Backup Instance
Microsoft.DataProtection/backupVaults/backupInstances/write	Creates a Backup Instance
Microsoft.DataProtection/backupVaults/backupPolicies/read	Returns all Backup Policies
Microsoft.DataProtection/backupVaults/backupPolicies/read	Returns all Backup Policies
Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete	The Delete ResourceGuard proxy operation deletes the specified Azure resource of type 'ResourceGuard proxy'
Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read	Get ResourceGuard proxy operation gets an object representing the Azure resource of type 'ResourceGuard proxy'
Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action	Unlock delete ResourceGuard proxy operation unlocks the next delete critical operation
Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write	Create ResourceGuard proxy operation creates an Azure resource of type 'ResourceGuard Proxy'
Microsoft.DataProtection/backupVaults/deletedBackupInstances/read	List soft-deleted Backup Instances in a Backup Vault.
Microsoft.DataProtection/backupVaults/operationResults/read	Gets Operation Result of a Patch Operation for a Backup Vault
Microsoft.DataProtection/backupVaults/operationStatus/read	Returns Backup Operation Status for Backup Vault.
Microsoft.DataProtection/backupVaults/read	Gets list of Backup Vaults in a Resource Group
Microsoft.DataProtection/backupVaults/read	Gets list of Backup Vaults in a Resource Group
Microsoft.DataProtection/backupVaults/read	Gets list of Backup Vaults in a Resource Group
Microsoft.DataProtection/backupVaults/validateForBackup/action	Validates for backup of Backup Instance
Microsoft.DataProtection/locations/checkFeatureSupport/action	Validates if a feature is supported
Microsoft.DataProtection/locations/operationResults/read	Returns Backup Operation Result for Backup Vault.
Microsoft.DataProtection/locations/operationStatus/read	Returns Backup Operation Status for Backup Vault.
Microsoft.DataProtection/operations/read	Operation returns the list of Operations for a Resource Provider
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/crossRegionRestore/action	Triggers cross region restore operation on given backup instance.
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action	Get cross region restore job details from secondary region.
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action	List cross region restore jobs of backup instance from secondary region.
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action	Returns recovery points from secondary region for cross region restore enabled Backup Vaults.
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/validateCrossRegionRestore/action	Performs validations for cross region restore operation.
Microsoft.Network/virtualNetworks/read	Get the virtual network definition
Microsoft.RecoveryServices/locations/backupAadProperties/read	Get AAD Properties for authentication in the third region for Cross Region Restore.
Microsoft.RecoveryServices/locations/backupCrossRegionRestore/action	Trigger Cross region restore.
Microsoft.RecoveryServices/locations/backupCrrJob/action	Get Cross Region Restore Job Details in the secondary region for Recovery Services Vault.
Microsoft.RecoveryServices/locations/backupCrrJobs/action	List Cross Region Restore Jobs in the secondary region for Recovery Services Vault.
Microsoft.RecoveryServices/locations/backupCrrOperationResults/read	Returns CRR Operation Result for Recovery Services Vault.
Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/read	Returns CRR Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/locations/backupPreValidateProtection/action	no description given
Microsoft.RecoveryServices/locations/backupStatus/action	Check Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/locations/backupValidateFeatures/action	Validate Features
Microsoft.RecoveryServices/locations/operationStatus/read	Gets Operation Status for a given Operation
Microsoft.RecoveryServices/operations/read	Operation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/Vaults/backupEngines/read	Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read	Get a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write	Create a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read	Returns status of the operation
Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read	Get all protectable containers
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action	Do inquiry for workloads within a container
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read	Get all items in a container
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read	Gets result of Operation performed on Protection Container.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action	Performs Backup for Protected Item.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read	Gets Result of Operation Performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read	Returns the status of Operation performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read	Returns object details of the Protected Item
Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/accessToken/action	Get AccessToken for Cross Region Restore.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action	Provision Instant Item Recovery for Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read	Get Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action	Restore Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action	Revoke Instant Item Recovery for Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write	Create a backup Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read	Returns all registered containers
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write	Creates a registered container
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action	Refreshes the container list
Microsoft.RecoveryServices/Vaults/backupJobs/*	wildcarded / no description
Microsoft.RecoveryServices/Vaults/backupJobsExport/action	Export Jobs
Microsoft.RecoveryServices/Vaults/backupOperationResults/*	wildcarded / no description
Microsoft.RecoveryServices/Vaults/backupOperations/read	Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read	Get Results of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read	Get Status of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupPolicies/read	Returns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupProtectableItems/*	wildcarded / no description
Microsoft.RecoveryServices/Vaults/backupProtectedItems/read	Returns the list of all Protected Items.
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read	Returns all containers belonging to the subscription
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read	List all backup Protection Intents
Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/delete	The Delete ResourceGuard proxy operation deletes the specified Azure resource of type 'ResourceGuard proxy'
Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/read	Get the list of ResourceGuard proxies for a resource
Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/unlockDelete/action	Unlock delete ResourceGuard proxy operation unlocks the next delete critical operation
Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/write	Create ResourceGuard proxy operation creates an Azure resource of type 'ResourceGuard Proxy'
Microsoft.RecoveryServices/Vaults/backupstorageconfig/*	wildcarded / no description
Microsoft.RecoveryServices/Vaults/backupTriggerValidateOperation/action	Validate Operation on Protected Item
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read	Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft.RecoveryServices/Vaults/backupValidateOperation/action	Validate Operation on Protected Item
Microsoft.RecoveryServices/Vaults/backupValidateOperationResults/read	Validate Operation on Protected Item
Microsoft.RecoveryServices/Vaults/backupValidateOperationsStatuses/read	Validate Operation on Protected Item
Microsoft.RecoveryServices/Vaults/certificates/write	The Update Resource Certificate operation updates the resource/vault credential certificate.
Microsoft.RecoveryServices/Vaults/extendedInformation/read	The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft.RecoveryServices/Vaults/extendedInformation/write	The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft.RecoveryServices/Vaults/monitoringAlerts/read	Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/monitoringAlerts/write	Resolves the alert.
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*	wildcarded / no description
Microsoft.RecoveryServices/Vaults/read	The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read	The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/read	The Get Containers operation can be used get the containers registered for a resource.
Microsoft.RecoveryServices/Vaults/registeredIdentities/write	The Register Service Container operation can be used to register a container with Recovery Service.
Microsoft.RecoveryServices/Vaults/usages/read	Read any Vault Usages
Microsoft.Resources/deployments/*	wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/read	Gets or lists resource groups.
Microsoft.Storage/storageAccounts/read	Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.Support/*	wildcarded / no description

NotActions

n/a

DataActions

n/a

NotDataActions

n/a

Used in
BuiltIn Policy

none

History

Date/Time (UTC ymd) (i)	Change	Change detail
2025-01-27 19:31:07	change: Actions	Actions: 'add Microsoft.DataProtection/backupVaults/backupInstances/validateForModifyBackup/action'
2024-05-03 17:44:59	change: Actions	Actions: 'add Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read; add Microsoft.DataProtection/backupVaults/backupInstances/write; add Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/delete; add Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/read; add Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/unlockDelete/action; add Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/write; add Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read; add Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write; add Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete; add Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action'
2023-07-18 17:56:23	change: Actions	Actions: 'add Microsoft.DataProtection/locations/checkFeatureSupport/action'
2023-05-22 17:42:39	change: Actions	Actions: 'add Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/crossRegionRestore/action; add Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/validateCrossRegionRestore/action; add Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action; add Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action; add Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action'
2022-10-14 16:34:33	change: Actions	Actions: 'add Microsoft.DataProtection/backupVaults/operationStatus/read'
2022-09-26 16:35:37	change: Actions	Actions: 'remove Microsoft.DataProtection/providers/operations/read; add Microsoft.DataProtection/backupVaults/deletedBackupInstances/read; add Microsoft.DataProtection/operations/read; add Microsoft.DataProtection/backupVaults/validateForBackup/action; add Microsoft.DataProtection/backupVaults/backupInstances/backup/action; add Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action; add Microsoft.DataProtection/backupVaults/backupInstances/restore/action'
2021-12-16 17:24:54	change: Actions	Actions: 'add Microsoft.RecoveryServices/Vaults/backupTriggerValidateOperation/action; add Microsoft.RecoveryServices/Vaults/backupValidateOperationResults/read; add Microsoft.RecoveryServices/Vaults/backupValidateOperationsStatuses/read'
2021-06-14 13:58:52	change: Actions	Actions: 'add Microsoft.DataProtection/backupVaults/backupInstances/read; add Microsoft.DataProtection/backupVaults/backupInstances/read; add Microsoft.DataProtection/backupVaults/backupPolicies/read; add Microsoft.DataProtection/backupVaults/backupPolicies/read; add Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read; add Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read; add Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action; add Microsoft.DataProtection/backupVaults/read; add Microsoft.DataProtection/backupVaults/operationResults/read; add Microsoft.DataProtection/backupVaults/read; add Microsoft.DataProtection/backupVaults/read; add Microsoft.DataProtection/locations/operationStatus/read; add Microsoft.DataProtection/locations/operationResults/read; add Microsoft.DataProtection/providers/operations/read'
2021-01-19 16:07:23	change: Actions	Actions: 'add Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/accessToken/action; add Microsoft.RecoveryServices/locations/backupAadProperties/read; add Microsoft.RecoveryServices/locations/backupCrrJobs/action; add Microsoft.RecoveryServices/locations/backupCrrJob/action; add Microsoft.RecoveryServices/locations/backupCrossRegionRestore/action; add Microsoft.RecoveryServices/locations/backupCrrOperationResults/read; add Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/read'

JSON

api-version=2023-07-01-preview

Condition

none