Azure backup with reduced service account permissions

[sumeet]

Hi team,

For Veeam backup for Azure -- service account permissions as listed in the link below
https://helpcenter.veeam.com/docs/vbazu ... ml?ver=8.1

We have a question from our client, to know if it is possible to reduce these service account permissions, to remove restore (or write) related permissions and enable these permissions only when there is a restore.

Wanted to know if such a reduced permission set work with the product for backups, if yes, has this been tested?

This is primarily around security concerns raised by the team.

Regards.

[Mildur]

Hi Sumeet

You can create multiple Service Accounts and assign them different roles.
Set up one Service Account dedicated to backups, and another with the Restore role/Azure permissions for restores.
During a restore, you can specify the Service Account with the required restore permissions.

I believe this will address your question.

Best,
Fabian

[nielsengelen]

Hi Sumeet,

How would you want to manage this if you remove those permissions and then add them everytime? As that sounds complex and using our granular permissions feature is a better solution.