Roles and privileges on Azure Files

To enable Snapshot Manager for Data Center to perform snapshot management operations, ensure that the credentials used for configuring the plug-in have the required roles and privileges assigned within Azure:

Table: Roles and privileges on Azure Files

Feature	Required permissions	Task/Operation
Discovery of Azure Files	Microsoft.Resources/subscriptions/resourceGroups/read	To retrieve a list of Resource Groups in a Subscription to search for Storage Accounts.
	Microsoft.Storage/storageAccounts/read	To list Storage Accounts in a resource group.
	Microsoft.Storage/storageAccounts/listkeys/action	To retrieve the connection Key for the Storage Account to read its contents to look for Azure file shares.
	Microsoft.Storage/storageAccounts/fileServices/shares/read	To read Azure files in a storage account.
Plug-in configuration for Azure Files	Microsoft.Compute/virtualMachines/read	Required for identity-based authentication method used in plug-in configuration, when the Snapshot Manager for Data Center is deployed on a VM.
Plug-in configuration for Azure Files	Microsoft.Compute/virtualMachineScaleSets/read	Required for identity-based authentication method used in plug-in configuration, when the Snapshot Manager for Data Center is deployed on a Virtual Machine Scale Set.

Roles and privileges on Azure Files

Feedback

Feedback