last sync: 2020-Sep-18 14:08:07 UTC

Azure Role

Backup Operator

Role Name Backup Operator
Role Id 00c29273-979b-4161-815c-10b084fb9324
Role Description Lets you manage backup services, except removal of backup, vault creation and giving access to others
Role Changes no changes
Actions
Operation Description Used in other Role(s)
Microsoft.Authorization/*/read API Management Service Contributor, API Management Service Operator Role, API Management Service Reader Role , Application Insights Component Contributor, Application Insights Snapshot Debugger, Automation Job Operator, Automation Runbook Operator, Automation Operator, Avere Contributor, Backup Contributor, Billing Reader, Backup Reader, BizTalk Contributor, CDN Endpoint Contributor, CDN Endpoint Reader, CDN Profile Contributor, CDN Profile Reader, Classic Network Contributor, Classic Storage Account Contributor, ClearDB MySQL DB Contributor, Classic Virtual Machine Contributor, Cognitive Services Contributor, Cosmos DB Account Reader Role, Data Box Contributor, Data Box Reader, Data Factory Contributor, Data Lake Analytics Developer, DevTest Labs User, DocumentDB Account Contributor, DNS Zone Contributor, EventGrid EventSubscription Contributor, EventGrid EventSubscription Reader, Intelligent Systems Account Contributor, Key Vault Contributor, Lab Creator, Logic App Operator, Logic App Contributor, Managed Identity Operator, Managed Identity Contributor, Network Contributor, New Relic APM Account Contributor, Redis Cache Contributor, Scheduler Job Collections Contributor, Search Service Contributor, Security Admin, Security Manager (Legacy), Security Reader, Site Recovery Contributor, Site Recovery Operator, Site Recovery Reader, SQL Managed Instance Contributor, SQL DB Contributor, SQL Security Manager, Storage Account Contributor, SQL Server Contributor, Support Request Contributor, Traffic Manager Contributor, Virtual Machine Contributor, Web Plan Contributor, Website Contributor, HDInsight Cluster Operator, Cosmos DB Operator, Private DNS Zone Contributor, Blueprint Contributor, Blueprint Operator, Azure Sentinel Contributor, Azure Sentinel Responder, Azure Sentinel Reader, SignalR AccessKey Reader, SignalR Contributor, Kubernetes Cluster - Azure Arc Onboarding, Tag Contributor, Integration Service Environment Developer, Integration Service Environment Contributor, Marketplace Admin, Key Vault Administrator (preview), Key Vault Crypto Officer (preview), Key Vault Secrets Officer (preview), Key Vault Certificates Officer (preview), Key Vault Reader (preview), Azure Arc Kubernetes Viewer, Azure Arc Kubernetes Writer, Azure Arc Kubernetes Cluster Admin, Azure Arc Kubernetes Admin, Azure Kubernetes Service RBAC Cluster Admin, Azure Kubernetes Service RBAC Admin, Azure Kubernetes Service RBAC Reader, Azure Kubernetes Service RBAC Writer, Azure Arc Enabled Kubernetes Cluster User Role, Collaborative Data Contributor, Device Update Reader, Device Update Administrator, Device Update Content Administrator, Device Update Deployments Administrator, Device Update Deployments Reader, Device Update Content Reader
Microsoft.Network/virtualNetworks/read Get the virtual network definition Avere Contributor, Avere Operator, Backup Contributor , Site Recovery Contributor, Site Recovery Operator, Virtual Machine Administrator Login, Virtual Machine User Login, Virtual Machine Contributor, Private DNS Zone Contributor
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read Returns status of the operation Backup Reader
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read Gets result of Operation performed on Protection Container. Backup Reader
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action Performs Backup for Protected Item.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read Gets Result of Operation Performed on Protected Items. Backup Reader
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read Returns the status of Operation performed on Protected Items. Backup Reader
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read Returns object details of the Protected Item Backup Reader, Virtual Machine Contributor
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action Provision Instant Item Recovery for Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read Get Recovery Points for Protected Items. Backup Reader
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action Restore Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action Revoke Instant Item Recovery for Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write Create a backup Protected Item Virtual Machine Contributor
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read Returns all registered containers Backup Reader
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action Refreshes the container list Backup Contributor
Microsoft.RecoveryServices/Vaults/backupJobs/* Backup Contributor
Microsoft.RecoveryServices/Vaults/backupJobsExport/action Export Jobs Backup Contributor, Backup Reader
Microsoft.RecoveryServices/Vaults/backupOperationResults/* Backup Contributor
Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read Get Results of Policy Operation. Backup Reader
Microsoft.RecoveryServices/Vaults/backupPolicies/read Returns all Protection Policies Backup Reader, Virtual Machine Contributor
Microsoft.RecoveryServices/Vaults/backupProtectableItems/* Backup Contributor
Microsoft.RecoveryServices/Vaults/backupProtectedItems/read Returns the list of all Protected Items. Backup Reader
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read Returns all containers belonging to the subscription Backup Reader
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read Returns summaries for Protected Items and Protected Servers for a Recovery Services . Backup Contributor, Backup Reader
Microsoft.RecoveryServices/Vaults/certificates/write The Update Resource Certificate operation updates the resource/vault credential certificate. Site Recovery Contributor
Microsoft.RecoveryServices/Vaults/extendedInformation/read The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault? Backup Reader, Site Recovery Operator, Site Recovery Reader
Microsoft.RecoveryServices/Vaults/extendedInformation/write The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft.RecoveryServices/Vaults/monitoringAlerts/read Gets the alerts for the Recovery services vault. Backup Contributor, Backup Reader, Site Recovery Reader
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/* Backup Contributor, Backup Reader
Microsoft.RecoveryServices/Vaults/read The Get Vault operation gets an object representing the Azure resource of type 'vault' Backup Contributor, Backup Reader, Site Recovery Contributor , Site Recovery Operator, Site Recovery Reader, Virtual Machine Contributor
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation Backup Reader, Site Recovery Operator, Site Recovery Reader
Microsoft.RecoveryServices/Vaults/registeredIdentities/read The Get Containers operation can be used get the containers registered for a resource. Backup Reader, Site Recovery Operator, Site Recovery Reader
Microsoft.RecoveryServices/Vaults/registeredIdentities/write The Register Service Container operation can be used to register a container with Recovery Service.
Microsoft.RecoveryServices/Vaults/usages/read Read any Vault Usages Backup Reader, Site Recovery Contributor, Site Recovery Operator , Site Recovery Reader, Virtual Machine Contributor
Microsoft.Resources/deployments/* API Management Service Contributor, API Management Service Operator Role, API Management Service Reader Role , Application Insights Component Contributor, Application Insights Snapshot Debugger, Automation Job Operator, Automation Runbook Operator, Automation Operator, Avere Contributor, Backup Contributor, BizTalk Contributor, CDN Endpoint Contributor, CDN Endpoint Reader, CDN Profile Contributor, CDN Profile Reader, Classic Network Contributor, Classic Storage Account Contributor, ClearDB MySQL DB Contributor, Classic Virtual Machine Contributor, Cognitive Services Contributor, Data Box Contributor, Data Factory Contributor, Data Lake Analytics Developer, DocumentDB Account Contributor, DNS Zone Contributor, EventGrid EventSubscription Contributor, Intelligent Systems Account Contributor, Key Vault Contributor, Log Analytics Contributor, Logic App Contributor, Managed Applications Reader, Managed Identity Operator, Managed Identity Contributor, Network Contributor, New Relic APM Account Contributor, Redis Cache Contributor, Scheduler Job Collections Contributor, Search Service Contributor, Security Admin, Security Manager (Legacy), Site Recovery Contributor, Site Recovery Operator, SQL Managed Instance Contributor, SQL DB Contributor, SQL Security Manager, Storage Account Contributor, SQL Server Contributor, Traffic Manager Contributor, Virtual Machine Contributor, Web Plan Contributor, Website Contributor, Cosmos DB Operator, Private DNS Zone Contributor, Blueprint Contributor, Blueprint Operator, Azure Sentinel Contributor, Azure Sentinel Responder, Azure Sentinel Reader, SignalR Contributor, Managed Application Contributor Role, Tag Contributor, Azure Kubernetes Service Contributor Role, Key Vault Administrator (preview), Key Vault Crypto Officer (preview), Key Vault Secrets Officer (preview), Key Vault Certificates Officer (preview), Key Vault Reader (preview), Collaborative Data Contributor, Device Update Reader, Device Update Administrator, Device Update Content Administrator, Device Update Deployments Administrator, Device Update Deployments Reader, Device Update Content Reader
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups. API Management Service Contributor, API Management Service Operator Role, API Management Service Reader Role , Application Insights Component Contributor, Application Insights Snapshot Debugger, Automation Job Operator, Automation Runbook Operator, Automation Operator, Avere Contributor, Avere Operator, Backup Contributor, BizTalk Contributor, CDN Endpoint Contributor, CDN Endpoint Reader, CDN Profile Contributor, CDN Profile Reader, Classic Network Contributor, Classic Storage Account Contributor, ClearDB MySQL DB Contributor, Classic Virtual Machine Contributor, Cognitive Services User, Cognitive Services Contributor, Cosmos DB Account Reader Role, Cost Management Contributor, Cost Management Reader, Data Box Contributor, Data Factory Contributor, Data Lake Analytics Developer, DevTest Labs User, DocumentDB Account Contributor, DNS Zone Contributor, EventGrid EventSubscription Contributor, EventGrid EventSubscription Reader, Intelligent Systems Account Contributor, Key Vault Contributor, Lab Creator, Logic App Operator, Logic App Contributor, Managed Identity Operator, Managed Identity Contributor, Monitoring Metrics Publisher, Network Contributor, New Relic APM Account Contributor, Redis Cache Contributor, Scheduler Job Collections Contributor, Search Service Contributor, Security Admin, Security Manager (Legacy), Security Reader, Site Recovery Contributor, Site Recovery Operator, SQL Managed Instance Contributor, SQL DB Contributor, SQL Security Manager, Storage Account Contributor, SQL Server Contributor, Support Request Contributor, Traffic Manager Contributor, Virtual Machine Contributor, Web Plan Contributor, Website Contributor, HDInsight Cluster Operator, Cosmos DB Operator, Private DNS Zone Contributor, Blueprint Contributor, Blueprint Operator, Azure Sentinel Contributor, Azure Sentinel Responder, Azure Sentinel Reader, SignalR AccessKey Reader, SignalR Contributor, Kubernetes Cluster - Azure Arc Onboarding, Experimentation Contributor, Experimentation Administrator, Tag Contributor, Key Vault Administrator (preview), Key Vault Crypto Officer (preview), Key Vault Secrets Officer (preview), Key Vault Certificates Officer (preview), Key Vault Reader (preview), Azure Arc Kubernetes Viewer, Azure Arc Kubernetes Writer, Azure Arc Kubernetes Cluster Admin, Azure Arc Kubernetes Admin, Azure Kubernetes Service RBAC Cluster Admin, Azure Kubernetes Service RBAC Admin, Azure Kubernetes Service RBAC Reader, Azure Kubernetes Service RBAC Writer, Azure Arc Enabled Kubernetes Cluster User Role, Collaborative Data Contributor, Device Update Reader, Device Update Administrator, Device Update Content Administrator, Device Update Deployments Administrator, Device Update Deployments Reader, Device Update Content Reader
Microsoft.Storage/storageAccounts/read Returns the list of storage accounts or gets the properties for the specified storage account. Backup Contributor, Logic App Contributor, Reader and Data Access , Site Recovery Contributor, Site Recovery Operator, Virtual Machine Contributor
Microsoft.RecoveryServices/Vaults/backupstorageconfig/* Backup Contributor
Microsoft.RecoveryServices/Vaults/backupValidateOperation/action Validate Operation on Protected Item Backup Contributor
Microsoft.RecoveryServices/Vaults/backupOperations/read Returns Backup Operation Status for Recovery Services Vault. Backup Contributor, Backup Reader
Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read Get Status of Policy Operation. Backup Reader
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write Creates a registered container
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action Do inquiry for workloads within a container
Microsoft.RecoveryServices/Vaults/backupEngines/read Returns all the backup management servers registered with vault. Backup Contributor, Backup Reader
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write Create a backup Protection Intent Virtual Machine Contributor
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read Get a backup Protection Intent Backup Reader
Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read Get all protectable containers Backup Contributor
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read Get all items in a container Backup Reader
Microsoft.RecoveryServices/locations/backupStatus/action Check Backup Status for Recovery Services Vaults Backup Contributor, Backup Reader
Microsoft.RecoveryServices/locations/backupPreValidateProtection/action no description given Backup Contributor
Microsoft.RecoveryServices/locations/backupValidateFeatures/action Validate Features Backup Contributor, Backup Reader
Microsoft.RecoveryServices/Vaults/monitoringAlerts/write Resolves the alert. Backup Contributor, Backup Reader
Microsoft.RecoveryServices/operations/read Operation returns the list of Operations for a Resource Provider Backup Contributor, Backup Reader
Microsoft.RecoveryServices/locations/operationStatus/read Gets Operation Status for a given Operation Backup Contributor, Backup Reader
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read List all backup Protection Intents Backup Contributor, Backup Reader
Microsoft.Support/* API Management Service Contributor, API Management Service Operator Role, API Management Service Reader Role , Application Insights Component Contributor, Application Insights Snapshot Debugger, Automation Job Operator, Automation Runbook Operator, Automation Operator, Avere Contributor, Backup Contributor, Billing Reader, BizTalk Contributor, CDN Endpoint Contributor, CDN Endpoint Reader, CDN Profile Contributor, CDN Profile Reader, Classic Network Contributor, Classic Storage Account Contributor, ClearDB MySQL DB Contributor, Classic Virtual Machine Contributor, Cognitive Services User, Cognitive Services Contributor, Cosmos DB Account Reader Role, Cost Management Contributor, Cost Management Reader, Data Box Contributor, Data Box Reader, Data Factory Contributor, Data Lake Analytics Developer, DocumentDB Account Contributor, DNS Zone Contributor, EventGrid EventSubscription Contributor, Intelligent Systems Account Contributor, Key Vault Contributor, Lab Creator, Log Analytics Reader, Log Analytics Contributor, Logic App Operator, Logic App Contributor, Managed Identity Operator, Managed Identity Contributor, Monitoring Metrics Publisher, Monitoring Reader, Network Contributor, Monitoring Contributor, New Relic APM Account Contributor, Redis Cache Contributor, Resource Policy Contributor, Scheduler Job Collections Contributor, Search Service Contributor, Security Admin, Security Manager (Legacy), Site Recovery Contributor, Site Recovery Operator, Site Recovery Reader, SQL Managed Instance Contributor, SQL DB Contributor, SQL Security Manager, Storage Account Contributor, SQL Server Contributor, Support Request Contributor, Traffic Manager Contributor, User Access Administrator, Virtual Machine Contributor, Web Plan Contributor, Website Contributor, HDInsight Cluster Operator, Cosmos DB Operator, Private DNS Zone Contributor, Blueprint Contributor, Blueprint Operator, Azure Sentinel Contributor, Azure Sentinel Responder, Azure Sentinel Reader, SignalR AccessKey Reader, SignalR Contributor, Kubernetes Cluster - Azure Arc Onboarding, Tag Contributor, Integration Service Environment Developer, Integration Service Environment Contributor, Key Vault Administrator (preview), Key Vault Crypto Officer (preview), Key Vault Secrets Officer (preview), Key Vault Certificates Officer (preview), Key Vault Reader (preview), Azure Arc Kubernetes Viewer, Azure Arc Kubernetes Writer, Azure Arc Kubernetes Cluster Admin, Azure Arc Kubernetes Admin, Azure Kubernetes Service RBAC Cluster Admin, Azure Kubernetes Service RBAC Admin, Azure Kubernetes Service RBAC Reader, Azure Kubernetes Service RBAC Writer, Azure Arc Enabled Kubernetes Cluster User Role, Collaborative Data Contributor, Device Update Reader, Device Update Administrator, Device Update Content Administrator, Device Update Deployments Administrator, Device Update Deployments Reader, Device Update Content Reader
NotActions
DataActions
NotDataActions
Used in Policy
Role Definition (Json)
{
  "Name": "Backup Operator",
  "Id": "00c29273-979b-4161-815c-10b084fb9324",
  "IsCustom": false,
  "Description": "Lets you manage backup services, except removal of backup, vault creation and giving access to others",
  "Actions": [
    "Microsoft.Authorization/*/read",
    "Microsoft.Network/virtualNetworks/read",
    "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
    "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
    "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action",
    "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
    "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
    "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
    "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action",
    "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
    "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action",
    "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action",
    "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
    "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
    "Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
    "Microsoft.RecoveryServices/Vaults/backupJobs/*",
    "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
    "Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
    "Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
    "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
    "Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
    "Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
    "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
    "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
    "Microsoft.RecoveryServices/Vaults/certificates/write",
    "Microsoft.RecoveryServices/Vaults/extendedInformation/read",
    "Microsoft.RecoveryServices/Vaults/extendedInformation/write",
    "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
    "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
    "Microsoft.RecoveryServices/Vaults/read",
    "Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
    "Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
    "Microsoft.RecoveryServices/Vaults/registeredIdentities/write",
    "Microsoft.RecoveryServices/Vaults/usages/read",
    "Microsoft.Resources/deployments/*",
    "Microsoft.Resources/subscriptions/resourceGroups/read",
    "Microsoft.Storage/storageAccounts/read",
    "Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
    "Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
    "Microsoft.RecoveryServices/Vaults/backupOperations/read",
    "Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
    "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write",
    "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action",
    "Microsoft.RecoveryServices/Vaults/backupEngines/read",
    "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
    "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
    "Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
    "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
    "Microsoft.RecoveryServices/locations/backupStatus/action",
    "Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
    "Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
    "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
    "Microsoft.RecoveryServices/operations/read",
    "Microsoft.RecoveryServices/locations/operationStatus/read",
    "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
    "Microsoft.Support/*"
  ],
  "NotActions": [
    
  ],
  "DataActions": [
    
  ],
  "NotDataActions": [
    
  ],
  "AssignableScopes": [
    "/"
  ]
}