Roles and privileges on Azure Files
To enable Snapshot Manager for Data Center to perform snapshot management operations, ensure that the credentials used for configuring the plug-in have the required roles and privileges assigned within Azure:
Table: Roles and privileges on Azure Files

| Feature | Required permissions | Task/Operation |
|---|---|---|
| Discovery of Azure Files | Microsoft.Resources/subscriptions/resourceGroups/read | To retrieve a list of Resource Groups in a Subscription to search for Storage Accounts. |
| | Microsoft.Storage/storageAccounts/read | To list Storage Accounts in a resource group. |
| | Microsoft.Storage/storageAccounts/listkeys/action | To retrieve the connection Key for the Storage Account to read its contents to look for Azure file shares. |
| | Microsoft.Storage/storageAccounts/fileServices/shares/read | To read Azure files in a storage account. |
| Plug-in configuration for Azure Files | Microsoft.Compute/virtualMachines/read | Required for identity-based authentication method used in plug-in configuration, when the Snapshot Manager for Data Center is deployed on a VM. |
| | Microsoft.Compute/virtualMachineScaleSets/read | Required for identity-based authentication method used in plug-in configuration, when the Snapshot Manager for Data Center is deployed on a Virtual Machine Scale Set. |
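
To check that the roles assigned to the plug-in credentials cover the permissions in the table, the following added example (not part of the product documentation) evaluates role definitions shaped like the JSON returned by `az role definition list`. The function names, the sample role and the case-insensitive matching are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Permissions from the table above, grouped by feature.
DISCOVERY = [
    "Microsoft.Resources/subscriptions/resourceGroups/read",
    "Microsoft.Storage/storageAccounts/read",
    "Microsoft.Storage/storageAccounts/listkeys/action",
    "Microsoft.Storage/storageAccounts/fileServices/shares/read",
]
IDENTITY_AUTH = {  # needed only for identity-based authentication
    "vm": "Microsoft.Compute/virtualMachines/read",
    "vmss": "Microsoft.Compute/virtualMachineScaleSets/read",
}

def _matches(action, patterns):
    # '*' wildcards are allowed in role definitions; matching is done
    # case-insensitively (assumption) so listKeys/listkeys compare equal.
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def granted(action, roles):
    """True if any role grants the action (Actions minus NotActions)."""
    for role in roles:
        for perm in role.get("permissions", []):
            if _matches(action, perm.get("actions", [])) and not _matches(
                action, perm.get("notActions", [])
            ):
                return True
    return False

def missing_permissions(roles, deployment=None):
    """Required permissions from the table that the roles do not grant."""
    required = list(DISCOVERY)
    if deployment is not None:
        required.append(IDENTITY_AUTH[deployment])
    return [a for a in required if not granted(a, roles)]

# Constructed sample role: omits the listkeys action, grants compute reads
# through a wildcard.
SAMPLE_ROLES = [{"permissions": [{
    "actions": [
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.Storage/storageAccounts/fileServices/shares/read",
        "Microsoft.Compute/*/read",
    ],
    "notActions": [],
}]}]
```

Calling `missing_permissions(SAMPLE_ROLES, deployment="vm")` reports the key-listing action as the only gap; pass `deployment="vmss"` when Snapshot Manager for Data Center runs on a Virtual Machine Scale Set.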