Identity and access management (Azure)

An Azure custom role is required for Cloud Snapshot Manager to securely transfer data to PowerProtect DD Virtual Edition.

For Cloud Snapshot Manager to be able to communicate with CSM Proxy, a role with permissions to perform the following tasks are required:

To create and manage the CSM Proxy container, the following permissions are required:

"Actions": [
                      "Microsoft.ContainerInstance/containerGroups/read",
                      "Microsoft.ContainerInstance/containerGroups/write",
                      "Microsoft.ContainerInstance/containerGroups/delete"
           ]

To create and read the network profile for CSM Proxy, the following permissions are required:

"Actions": [
                      "Microsoft.Network/networkProfiles/read",
                      "Microsoft.Network/networkProfiles/write"
           ]

To access Azure Storage Queues to communicate with CSM Proxy and to store temporary storage blobs during the DDVE restore process, the following permission is required:

"Actions": [
                      "Microsoft.Storage/storageAccounts/listKeys/action"
           ]

The required Azure permissions are available in proper format at Azure custom role.