For most Azure resources, Commvault provides a custom role that includes the permissions that are required to protect the resources. You can use Azure built-in roles instead. If there is no custom role for an Azure resource that you want to protect, you can create your own custom role.
Using custom roles is the securest way to give Commvault access to your Azure resources.
For instructions to assign roles, see Assign Azure roles using the Azure portal.
Custom Roles
Important
In the JSON file, change placeholder values such as {subscription-id}.
|
Azure resources |
Custom role for Azure Portal |
Custom role for Azure CLI |
|---|---|---|
|
||
|
Azure VM, encrypted and unencrypted |
||
|
Azure VM, unencrypted |
||
|
None |
|
|
Azure File Storage |
None |
Built-In Roles
| Azure resources | Roles to assign to the subscription | Roles to assign to the storage account |
|---|---|---|
|
|
None |
|
|
None |
| Azure VMs, encrypted | None | None |
| Azure VMs, unencrypted |
|
None |
|
|
None |
| Azure File Storage | Storage Account Contributor |
|