AzRoleAdvertizer

last sync: 2025-Oct-31 18:22:44 UTC

Backup Reader

Azure BuiltIn RBAC Role definition

NameBackup Reader
Microsoft Learn
Ida795c7a0-d4a2-40c1-ae25-d81f01202912
DescriptionCan view backup services, but can't make changes
CategoryStorage
Microsoft Learn
CreatedOn2017-01-03 13:18:41 UTC
UpdatedOn2025-09-09 15:23:13 UTC
Permissions summary Effective control plane and data plane operations: 91 (unique operations)
•action: 11
•read: 78
•write: 2

Actions: 63
Resolved control plane operations from Actions: 91
Effective control plane operations: 91
•action: 11
•read: 78
•write: 2

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 17342

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 4078
Actions
Operation Description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/actionFinds Restorable Time Ranges
Microsoft.DataProtection/backupVaults/backupInstances/operationResults/readReturns Backup Operation Result for Backup Vault.
Microsoft.DataProtection/backupVaults/backupInstances/readReturns all Backup Instances
Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/readReturns all Recovery Points
Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/readReturns all Recovery Points
Microsoft.DataProtection/backupVaults/backupPolicies/readReturns all Backup Policies
Microsoft.DataProtection/backupVaults/backupPolicies/readReturns all Backup Policies
Microsoft.DataProtection/backupVaults/deletedBackupInstances/readList soft-deleted Backup Instances in a Backup Vault.
Microsoft.DataProtection/backupVaults/operationResults/readGets Operation Result of a Patch Operation for a Backup Vault
Microsoft.DataProtection/backupVaults/operationStatus/readReturns Backup Operation Status for Backup Vault.
Microsoft.DataProtection/backupVaults/readGets list of Backup Vaults in a Resource Group
Microsoft.DataProtection/backupVaults/readGets list of Backup Vaults in a Resource Group
Microsoft.DataProtection/backupVaults/readGets list of Backup Vaults in a Resource Group
Microsoft.DataProtection/locations/checkFeatureSupport/actionValidates if a feature is supported
Microsoft.DataProtection/locations/getBackupStatus/actionCheck Backup Status for Recovery Services Vaults
Microsoft.DataProtection/locations/operationResults/readReturns Backup Operation Result for Backup Vault.
Microsoft.DataProtection/locations/operationStatus/readReturns Backup Operation Status for Backup Vault.
Microsoft.DataProtection/operations/readOperation returns the list of Operations for a Resource Provider
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/actionGet cross region restore job details from secondary region.
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/actionList cross region restore jobs of backup instance from secondary region.
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/actionReturns recovery points from secondary region for cross region restore enabled Backup Vaults.
Microsoft.RecoveryServices/locations/allocatedStamp/readGetAllocatedStamp is internal operation used by service
Microsoft.RecoveryServices/locations/backupCrrJob/actionGet Cross Region Restore Job Details in the secondary region for Recovery Services Vault.
Microsoft.RecoveryServices/locations/backupCrrJobs/actionList Cross Region Restore Jobs in the secondary region for Recovery Services Vault.
Microsoft.RecoveryServices/locations/backupCrrOperationResults/readReturns CRR Operation Result for Recovery Services Vault.
Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/readReturns CRR Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/locations/backupStatus/actionCheck Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/locations/backupValidateFeatures/actionValidate Features
Microsoft.RecoveryServices/locations/operationStatus/readGets Operation Status for a given Operation
Microsoft.RecoveryServices/operations/readOperation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/Vaults/backupconfig/readReturns Configuration for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupEngines/readReturns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/readGet a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/readReturns status of the operation
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/readGet all items in a container
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/readGets result of Operation performed on Protection Container.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/readGets Result of Operation Performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/readReturns the status of Operation performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readReturns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/readGet Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/readReturns all registered containers
Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/readReturns the Result of Job Operation.
Microsoft.RecoveryServices/Vaults/backupJobs/readReturns all Job Objects
Microsoft.RecoveryServices/Vaults/backupJobsExport/actionExport Jobs
Microsoft.RecoveryServices/Vaults/backupOperationResults/readReturns Backup Operation Result for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupOperations/readReturns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/readGet Results of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupPolicies/operations/readGet Status of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupPolicies/readReturns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupProtectedItems/readReturns the list of all Protected Items.
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/readReturns all containers belonging to the subscription
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readList all backup Protection Intents
Microsoft.RecoveryServices/Vaults/backupstorageconfig/readReturns Storage Configuration for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readReturns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft.RecoveryServices/Vaults/extendedInformation/readThe Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft.RecoveryServices/Vaults/monitoringAlerts/readGets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeResolves the alert.
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*wildcarded / no description
Microsoft.RecoveryServices/Vaults/readThe Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readThe Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/readThe Get Containers operation can be used get the containers registered for a resource.
Microsoft.RecoveryServices/Vaults/usages/readRead any Vault Usages
NotActions n/a
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy		 none
History
Date/Time (UTC ymd) (i) Change Change detail
2025-09-09 17:22:47 change: Actions Actions: 'remove Microsoft.DataProtection/backupVaults/backupInstances/write; remove Microsoft.DataProtection/backupVaults/backupInstances/backup/action; remove Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action; remove Microsoft.DataProtection/backupVaults/backupInstances/restore/action; remove Microsoft.DataProtection/backupVaults/validateForBackup/action'
2024-05-02 17:48:17 change: Actions Actions: 'add Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read'
2023-07-18 17:56:23 change: Actions Actions: 'add Microsoft.DataProtection/locations/checkFeatureSupport/action'
2023-05-19 17:43:13 change: Actions Actions: 'add Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action; add Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action; add Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action'
2022-10-14 16:34:33 change: Actions Actions: 'add Microsoft.DataProtection/backupVaults/operationStatus/read'
2022-09-28 16:34:30 change: Actions Actions: 'remove Microsoft.DataProtection/providers/operations/read; add Microsoft.DataProtection/backupVaults/deletedBackupInstances/read; add Microsoft.DataProtection/operations/read'
2021-06-10 15:19:34 change: Actions Actions: 'add Microsoft.DataProtection/locations/getBackupStatus/action; add Microsoft.DataProtection/backupVaults/backupInstances/write; add Microsoft.DataProtection/backupVaults/backupInstances/read; add Microsoft.DataProtection/backupVaults/backupInstances/read; add Microsoft.DataProtection/backupVaults/backupInstances/backup/action; add Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action; add Microsoft.DataProtection/backupVaults/backupInstances/restore/action; add Microsoft.DataProtection/backupVaults/backupPolicies/read; add Microsoft.DataProtection/backupVaults/backupPolicies/read; add Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read; add Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read; add Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action; add Microsoft.DataProtection/backupVaults/read; add Microsoft.DataProtection/backupVaults/operationResults/read; add Microsoft.DataProtection/backupVaults/read; add Microsoft.DataProtection/backupVaults/read; add Microsoft.DataProtection/locations/operationStatus/read; add Microsoft.DataProtection/locations/operationResults/read; add Microsoft.DataProtection/backupVaults/validateForBackup/action; add Microsoft.DataProtection/providers/operations/read'
2021-05-25 14:52:54 change: Actions Actions: 'add Microsoft.RecoveryServices/locations/backupCrrJobs/action; add Microsoft.RecoveryServices/locations/backupCrrJob/action; add Microsoft.RecoveryServices/locations/backupCrrOperationResults/read; add Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/read'
JSON
api-version=2023-07-01-preview
Condition none