AzRoleAdvertizer

last sync: 2024-Jul-26 18:17:46 UTC

Backup Contributor

Azure BuiltIn RBAC Role definition

Name

Backup Contributor

5e467623-bb1f-42f4-a55d-6e525e11384b

Description

Lets you manage backups, but can't delete vaults and give access to others

CreatedOn

2017-01-03 13:12:15 UTC

UpdatedOn

2024-05-02 09:55:42 UTC

History

Date/Time (UTC ymd) (i)	Change	Change detail
2024-05-03 17:44:59	change: Description, Actions	New Description: 'Lets you manage backups, but can't delete vaults and give access to others' Old Description: 'Lets you manage backup service,but can't create vaults and give access to others', Actions: 'add Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read; add Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/delete; add Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/read; add Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/unlockDelete/action; add Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/write; add Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read; add Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write; add Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete; add Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action'
2023-05-19 17:43:13	change: Actions	Actions: 'add Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/crossRegionRestore/action; add Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/validateCrossRegionRestore/action; add Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action; add Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action; add Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action'
2023-02-27 18:48:02	change: Actions	Actions: 'add Microsoft.DataProtection/locations/checkFeatureSupport/action'
2023-02-17 18:39:13	change: Actions	Actions: 'add Microsoft.RecoveryServices/vaults/operationStatus/read; add Microsoft.RecoveryServices/vaults/operationResults/read'
2022-10-14 16:34:33	change: Actions	Actions: 'add Microsoft.DataProtection/backupVaults/operationStatus/read'
2022-09-28 16:34:30	change: Actions	Actions: 'add Microsoft.DataProtection/backupVaults/deletedBackupInstances/read; add Microsoft.DataProtection/backupVaults/deletedBackupInstances/undelete/action'
2022-07-25 16:32:45	change: Actions	Actions: 'remove Microsoft.DataProtection/providers/operations/read; add Microsoft.DataProtection/operations/read'
2021-06-14 13:58:52	change: Actions	Actions: 'add Microsoft.DataProtection/locations/getBackupStatus/action; add Microsoft.DataProtection/backupVaults/backupInstances/write; add Microsoft.DataProtection/backupVaults/backupInstances/delete; add Microsoft.DataProtection/backupVaults/backupInstances/read; add Microsoft.DataProtection/backupVaults/backupInstances/read; add Microsoft.DataProtection/backupVaults/backupInstances/backup/action; add Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action; add Microsoft.DataProtection/backupVaults/backupInstances/restore/action; add Microsoft.DataProtection/backupVaults/backupPolicies/write; add Microsoft.DataProtection/backupVaults/backupPolicies/delete; add Microsoft.DataProtection/backupVaults/backupPolicies/read; add Microsoft.DataProtection/backupVaults/backupPolicies/read; add Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read; add Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read; add Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action; add Microsoft.DataProtection/backupVaults/write; add Microsoft.DataProtection/backupVaults/read; add Microsoft.DataProtection/backupVaults/operationResults/read; add Microsoft.DataProtection/locations/checkNameAvailability/action; add Microsoft.DataProtection/backupVaults/read; add Microsoft.DataProtection/backupVaults/read; add Microsoft.DataProtection/locations/operationStatus/read; add Microsoft.DataProtection/locations/operationResults/read; add Microsoft.DataProtection/backupVaults/validateForBackup/action; add Microsoft.DataProtection/providers/operations/read'

Permissions summary

Effective control plane and data plane operations: 175 (unique operations)
•action: 46
•delete: 11
•read: 97
•write: 21

Actions: 86
Resolved control plane operations from Actions: 175
Effective control plane operations: 175
•action: 46
•delete: 11
•read: 97
•write: 21

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 15453

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3219

Actions

Operation	Description
Microsoft.Authorization/*/read	wildcarded / no description
Microsoft.DataProtection/backupVaults/backupInstances/backup/action	Performs Backup on the Backup Instance
Microsoft.DataProtection/backupVaults/backupInstances/delete	Deletes the Backup Instance
Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action	Finds Restorable Time Ranges
Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read	Returns Backup Operation Result for Backup Vault.
Microsoft.DataProtection/backupVaults/backupInstances/read	Returns all Backup Instances
Microsoft.DataProtection/backupVaults/backupInstances/read	Returns all Backup Instances
Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read	Returns all Recovery Points
Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read	Returns all Recovery Points
Microsoft.DataProtection/backupVaults/backupInstances/restore/action	Triggers restore on the Backup Instance
Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action	Validates for Restore of the Backup Instance
Microsoft.DataProtection/backupVaults/backupInstances/write	Creates a Backup Instance
Microsoft.DataProtection/backupVaults/backupPolicies/delete	Deletes the Backup Policy
Microsoft.DataProtection/backupVaults/backupPolicies/read	Returns all Backup Policies
Microsoft.DataProtection/backupVaults/backupPolicies/read	Returns all Backup Policies
Microsoft.DataProtection/backupVaults/backupPolicies/write	Creates Backup Policy
Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete	The Delete ResourceGuard proxy operation deletes the specified Azure resource of type 'ResourceGuard proxy'
Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read	Get ResourceGuard proxy operation gets an object representing the Azure resource of type 'ResourceGuard proxy'
Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action	Unlock delete ResourceGuard proxy operation unlocks the next delete critical operation
Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write	Create ResourceGuard proxy operation creates an Azure resource of type 'ResourceGuard Proxy'
Microsoft.DataProtection/backupVaults/deletedBackupInstances/read	List soft-deleted Backup Instances in a Backup Vault.
Microsoft.DataProtection/backupVaults/deletedBackupInstances/undelete/action	Perform undelete of soft-deleted Backup Instance. Backup Instance moves from SoftDeleted to ProtectionStopped state.
Microsoft.DataProtection/backupVaults/operationResults/read	Gets Operation Result of a Patch Operation for a Backup Vault
Microsoft.DataProtection/backupVaults/operationStatus/read	Returns Backup Operation Status for Backup Vault.
Microsoft.DataProtection/backupVaults/read	Gets list of Backup Vaults in a Resource Group
Microsoft.DataProtection/backupVaults/read	Gets list of Backup Vaults in a Resource Group
Microsoft.DataProtection/backupVaults/read	Gets list of Backup Vaults in a Resource Group
Microsoft.DataProtection/backupVaults/validateForBackup/action	Validates for backup of Backup Instance
Microsoft.DataProtection/backupVaults/write	Update BackupVault operation updates an Azure resource of type 'Backup Vault'
Microsoft.DataProtection/locations/checkFeatureSupport/action	Validates if a feature is supported
Microsoft.DataProtection/locations/checkNameAvailability/action	Checks if the requested BackupVault Name is Available
Microsoft.DataProtection/locations/getBackupStatus/action	Check Backup Status for Recovery Services Vaults
Microsoft.DataProtection/locations/operationResults/read	Returns Backup Operation Result for Backup Vault.
Microsoft.DataProtection/locations/operationStatus/read	Returns Backup Operation Status for Backup Vault.
Microsoft.DataProtection/operations/read	Operation returns the list of Operations for a Resource Provider
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/crossRegionRestore/action	Triggers cross region restore operation on given backup instance.
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action	Get cross region restore job details from secondary region.
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action	List cross region restore jobs of backup instance from secondary region.
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action	Returns recovery points from secondary region for cross region restore enabled Backup Vaults.
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/validateCrossRegionRestore/action	Performs validations for cross region restore operation.
Microsoft.Network/virtualNetworks/read	Get the virtual network definition
Microsoft.RecoveryServices/locations/*	wildcarded / no description
Microsoft.RecoveryServices/locations/backupPreValidateProtection/action	no description given
Microsoft.RecoveryServices/locations/backupStatus/action	Check Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/locations/backupValidateFeatures/action	Validate Features
Microsoft.RecoveryServices/locations/operationStatus/read	Gets Operation Status for a given Operation
Microsoft.RecoveryServices/operations/read	Operation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/Vaults/backupconfig/*	wildcarded / no description
Microsoft.RecoveryServices/Vaults/backupEngines/read	Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*	wildcarded / no description
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/*	wildcarded / no description
Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read	Get all protectable containers
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/*	wildcarded / no description
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action	Refreshes the container list
Microsoft.RecoveryServices/Vaults/backupJobs/*	wildcarded / no description
Microsoft.RecoveryServices/Vaults/backupJobsExport/action	Export Jobs
Microsoft.RecoveryServices/Vaults/backupOperationResults/*	wildcarded / no description
Microsoft.RecoveryServices/Vaults/backupOperations/read	Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/*	wildcarded / no description
Microsoft.RecoveryServices/Vaults/backupProtectableItems/*	wildcarded / no description
Microsoft.RecoveryServices/Vaults/backupProtectedItems/*	wildcarded / no description
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/*	wildcarded / no description
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read	List all backup Protection Intents
Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/delete	The Delete ResourceGuard proxy operation deletes the specified Azure resource of type 'ResourceGuard proxy'
Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/read	Get the list of ResourceGuard proxies for a resource
Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/unlockDelete/action	Unlock delete ResourceGuard proxy operation unlocks the next delete critical operation
Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/write	Create ResourceGuard proxy operation creates an Azure resource of type 'ResourceGuard Proxy'
Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*	wildcarded / no description
Microsoft.RecoveryServices/Vaults/backupstorageconfig/*	wildcarded / no description
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read	Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft.RecoveryServices/Vaults/backupValidateOperation/action	Validate Operation on Protected Item
Microsoft.RecoveryServices/Vaults/certificates/*	wildcarded / no description
Microsoft.RecoveryServices/Vaults/extendedInformation/*	wildcarded / no description
Microsoft.RecoveryServices/Vaults/monitoringAlerts/read	Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/monitoringAlerts/write	Resolves the alert.
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*	wildcarded / no description
Microsoft.RecoveryServices/vaults/operationResults/read	The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation
Microsoft.RecoveryServices/vaults/operationStatus/read	Gets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/read	The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/*	wildcarded / no description
Microsoft.RecoveryServices/Vaults/usages/*	wildcarded / no description
Microsoft.RecoveryServices/Vaults/write	Create Vault operation creates an Azure resource of type 'vault'
Microsoft.Resources/deployments/*	wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/read	Gets or lists resource groups.
Microsoft.Storage/storageAccounts/read	Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.Support/*	wildcarded / no description

NotActions

n/a

DataActions

n/a

NotDataActions

n/a

Used in
BuiltIn Policy

Policy DisplayName	Policy Id	Category	State
[Preview]: Configure Azure Recovery Services vaults to disable public network access	04726aae-4e8d-427c-af7d-ecf56d490022	Backup	Preview
[Preview]: Configure backup for Azure Disks (Managed Disks) with a given tag to an existing backup vault in the same region	7b5a3b1d-d2e1-4c0b-9f3b-ad0b9a2283f4	Backup	Preview
[Preview]: Configure backup for Azure Disks (Managed Disks) without a given tag to an existing backup vault in the same region	6e68865f-f3cd-48ec-9bba-54795672eaa4	Backup	Preview
[Preview]: Configure backup for blobs on storage accounts with a given tag to an existing backup vault in the same region	615b01c4-d565-4f6f-8c6e-d130268e3a1a	Backup	Preview
[Preview]: Configure blob backup for all storage accounts that do not contain a given tag to a backup vault in the same region	958dbd4e-0e20-4385-a082-d3f20c2a6ad8	Backup	Preview
[Preview]: Disable Cross Subscription Restore for Azure Recovery Services vaults	f19b0c83-716f-4b81-85e3-2dbf057c35d6	Backup	Preview
[Preview]: Disable Cross Subscription Restore for Backup Vaults	4d479a11-f2b5-4f0a-bb1e-d2332aa95cda	Backup	Preview
Configure backup on virtual machines with a given tag to a new recovery services vault with a default policy	83644c87-93dd-49fe-bf9f-6aff8fd0834e	Backup	GA
Configure backup on virtual machines with a given tag to an existing recovery services vault in the same location	345fa903-145c-4fe1-8bcd-93ec2adccde8	Backup	GA
Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy	98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86	Backup	GA
Configure backup on virtual machines without a given tag to an existing recovery services vault in the same location	09ce66bc-1220-4153-8104-e3f51c936913	Backup	GA

JSON

api-version=2023-07-01-preview

Condition

none