Quantcast
Channel: Veeam Support Knowledge Base
Viewing all articles
Browse latest Browse all 4362

How to Assign Permissions to Service Accounts Used by Veeam Backup for Google Cloud Platform

September 13, 2021, 3:44 pm
$
0
0
KB ID: 4062
Product: Veeam Backup for Google Cloud Platform 2.0

Challenge

Veeam Backup for Google Cloud Platform requires a service account in each GCP project where data protection and disaster recovery tasks will be performed. The tasks include the following:

Solution

To apply the necessary permissions to a service account, you can use a script that is automatically generated while adding the project to the Veeam Backup for GCP infrastructure. Download the script and run it under an account that has permissions both to get and set project IAM policies and to create custom IAM roles (for example, it can have the iam.securityAdmin and iam.roleAdmin roles assigned). To learn what permissions and roles are required to create custom roles in IAM, see Google Cloud documentation.

NOTE: You can click Check permissions to ensure that the account now has all the permissions required to perform data protection and disaster recovery tasks for the project. Keep in mind that it may take some time for Google Cloud to apply the changes to the account, and the permission check may display the permissions as missing right after you click Check permissions. To work around the issue, try checking permissions once again in 5–10 minutes.

Alternatively, you can assign the permissions to the service account manually. The permissions are listed below.

Expand each heading below to see specific permissions.

Default Permissions 
compute.disks.addResourcePolicies
compute.disks.get
compute.instances.get
compute.resourcePolicies.create
compute.resourcePolicies.get
compute.resourcePolicies.use
compute.zones.get
serviceusage.services.list
Backup Permissions 
cloudkms.cryptoKeys.getIamPolicy
cloudkms.cryptoKeys.list
cloudkms.cryptoKeys.setIamPolicy
cloudkms.keyRings.list
compute.addresses.list
compute.disks.createSnapshot
compute.disks.get
compute.disks.list
compute.firewalls.list
compute.globalOperations.get
compute.globalOperations.list
compute.instances.get
compute.instances.list
compute.machineTypes.get
compute.networks.list
compute.projects.get
compute.regionOperations.get
compute.regions.get
compute.regions.list
compute.routes.list
compute.snapshots.create
compute.snapshots.delete
compute.snapshots.get
compute.snapshots.getIamPolicy
compute.snapshots.list
compute.snapshots.setIamPolicy
compute.snapshots.setLabels
compute.subnetworks.list
compute.zoneOperations.get
compute.zones.list
logging.sinks.create
logging.sinks.delete
logging.sinks.get
logging.sinks.list
logging.sinks.update
pubsub.subscriptions.consume
pubsub.subscriptions.create
pubsub.subscriptions.delete
pubsub.subscriptions.get
pubsub.subscriptions.list
pubsub.topics.attachSubscription
pubsub.topics.create
pubsub.topics.delete
pubsub.topics.detachSubscription
pubsub.topics.get
pubsub.topics.getIamPolicy
pubsub.topics.list
pubsub.topics.setIamPolicy
pubsub.topics.update
resourcemanager.projects.get
resourcemanager.projects.getIamPolicy
serviceusage.services.list
Snapshot Permissions 
cloudkms.cryptoKeys.list
cloudkms.keyRings.list
compute.addresses.list
compute.disks.createSnapshot
compute.disks.get
compute.disks.list
compute.firewalls.list
compute.globalOperations.get
compute.globalOperations.list
compute.instances.get
compute.instances.list
compute.networks.list
compute.regionOperations.get
compute.regions.list
compute.routes.list
compute.snapshots.create
compute.snapshots.delete
compute.snapshots.get
compute.snapshots.list
compute.snapshots.setLabels
compute.subnetworks.list
compute.zoneOperations.get
compute.zones.list
logging.sinks.create
logging.sinks.delete
logging.sinks.get
logging.sinks.list
logging.sinks.update
pubsub.subscriptions.consume
pubsub.subscriptions.create
pubsub.subscriptions.delete
pubsub.subscriptions.get
pubsub.subscriptions.list
pubsub.topics.attachSubscription
pubsub.topics.create
pubsub.topics.delete
pubsub.topics.detachSubscription
pubsub.topics.get
pubsub.topics.getIamPolicy
pubsub.topics.list
pubsub.topics.setIamPolicy
pubsub.topics.update
resourcemanager.projects.get
serviceusage.services.list
Repository Permissions 
resourcemanager.projects.get
serviceusage.services.list
storage.buckets.get
storage.buckets.list
storage.hmacKeys.create
storage.hmacKeys.get
storage.hmacKeys.list
storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.list
Restore Permissions
Note: To allow Veeam Backup for GCP to perform restore to the original location while source VM instances still exist there, you must also add the permission compute.instances.setName. The ability to rename VM instances is currently in pre-GA state. For more information, see Google Cloud documentation. 
cloudkms.cryptoKeys.getIamPolicy
cloudkms.cryptoKeys.list
cloudkms.cryptoKeys.setIamPolicy
cloudkms.keyRings.list
compute.addresses.list
compute.addresses.use
compute.addresses.useInternal
compute.disks.create
compute.disks.delete
compute.disks.get
compute.disks.list
compute.disks.setLabels
compute.disks.use
compute.disks.useReadOnly
compute.firewalls.list
compute.globalOperations.get
compute.globalOperations.list
compute.instances.create
compute.instances.delete
compute.instances.get
compute.instances.list
compute.instances.setDeletionProtection
compute.instances.setLabels
compute.instances.setMachineResources
compute.instances.setMetadata
compute.instances.setMinCpuPlatform
compute.instances.setScheduling
compute.instances.setServiceAccount
compute.instances.setTags
compute.instances.start
compute.instances.stop
compute.instances.updateDisplayDevice
compute.instances.updateNetworkInterface
compute.machineTypes.list
compute.networks.list
compute.projects.get
compute.regionOperations.get
compute.regions.get
compute.regions.list
compute.routes.list
compute.snapshots.create
compute.snapshots.delete
compute.snapshots.get
compute.snapshots.getIamPolicy
compute.snapshots.list
compute.snapshots.setLabels
compute.snapshots.useReadOnly
compute.subnetworks.list
compute.subnetworks.use
compute.subnetworks.useExternalIp
compute.zoneOperations.get
compute.zones.get
compute.zones.list
iam.serviceAccounts.actAs
iam.serviceAccounts.list
resourcemanager.projects.get
serviceusage.services.list
Worker Permissions 
compute.disks.create
compute.disks.createSnapshot
compute.disks.delete
compute.disks.list
compute.disks.setLabels
compute.disks.use
compute.firewalls.list
compute.globalOperations.get
compute.instances.create
compute.instances.delete
compute.instances.detachDisk
compute.instances.get
compute.instances.list
compute.instances.setLabels
compute.instances.setMetadata
compute.instances.setServiceAccount
compute.instances.setTags
compute.machineTypes.get
compute.networks.list
compute.projects.get
compute.regionOperations.get
compute.regions.get
compute.regions.list
compute.routes.list
compute.snapshots.create
compute.snapshots.delete
compute.snapshots.get
compute.snapshots.getIamPolicy
compute.snapshots.list
compute.snapshots.setIamPolicy
compute.snapshots.setLabels
compute.subnetworks.get
compute.subnetworks.list
compute.subnetworks.use
compute.subnetworks.useExternalIp
compute.zoneOperations.get
compute.zones.get
compute.zones.list
iam.serviceAccounts.actAs
logging.sinks.delete
logging.sinks.get
logging.sinks.list
pubsub.subscriptions.consume
pubsub.subscriptions.create
pubsub.subscriptions.delete
pubsub.subscriptions.get
pubsub.subscriptions.list
pubsub.topics.attachSubscription
pubsub.topics.create
pubsub.topics.delete
pubsub.topics.get
pubsub.topics.list
pubsub.topics.publish
resourcemanager.projects.get
resourcemanager.projects.getIamPolicy
serviceusage.services.list
Search
Viewing all articles
Browse latest Browse all 4362

Trending Articles

Practice Sheet of Right form of verbs for HSC Students

September 22, 2019, 11:40 pm

Download: FK ft Shenky – Nakuyewa ”Prod by: Shenky”

February 16, 2017, 4:24 pm

How to win at Markstrat (Markstrat Tips and Tricks) – Vodites

January 5, 2014, 10:34 pm

Ominde Commission Report and Recommendations – Ominde Report of 1964

March 16, 2015, 5:14 am

Bureau of Internal Revenue: Regional Offices (Directory)

January 9, 2014, 11:06 pm

GO 53 on Enhancement of Ex-gratia upto 5 Lakhs Toddy Tappers in Telangana

March 26, 2017, 11:23 pm

Cakewalk CA-2A Leveling Amplifier v2.0.1.97 WiN, v2.0.1.96 OSX Incl Keygen

October 17, 2016, 7:20 am

Mp3 Download: Mdu - Kunjenjenjena

December 7, 2017, 8:16 am

How the kill the job , when DTP request running for long hours.

July 26, 2013, 2:41 am

Microsoft Intune から展開しているアプリのアップデートについて

October 17, 2016, 4:11 am

18-year-old girl was beaten for half an hour by two Northampton men in 'an...

September 1, 2017, 10:00 pm

Car crash in Dunton Bassett leaves driver in critical condition

October 7, 2014, 7:51 am

Macky 2, Two Others In Road Accident

March 29, 2015, 5:34 am

Application log 00000000000000089514: Could not convert queue DLVST90CLNT

May 14, 2015, 11:27 pm

Detroit mafia: D’Anna Brothers agree to plea deal

April 21, 2016, 6:56 am

Delivery block field greyed out using VA02

January 26, 2016, 2:52 pm

Muloraki Au

June 22, 2016, 1:44 am

【個人撮影】スマホのプライベート映像♪「中に出さないで///」カラオケ屋での生ハメ撮りが流出w【リベンジポルノ】@PornHub

October 12, 2017, 2:23 pm

BREAKING NEWS: Diamond Platnumz Is Reported Dead After Ghastly Car Accident

February 9, 2018, 4:56 am

FIAT 500 B0111 B0112

July 5, 2018, 10:31 am
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>