Role Requirements for Protecting Azure Resources with Commvault

When possible, use the Commvault-provided custom roles for least-privilege access. If there is no custom role for an Azure resource that you want to protect, you can create your own custom role or use Azure built-in roles.

For instructions on assigning roles, see Assign Azure roles using the Azure portal.

Custom Roles

Important

In the JSON file, change placeholder values such as {subscription-id}.

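Azure resources:
  • Azure Cosmos DB for Cassandra, MongoDB, NoSQL, and Table
  • Azure Database for MariaDB, MySQL, and PostgreSQL
  • Azure SQL Database
  • Azure SQL Managed Instance
  • Azure Table Storage
Custom role for Azure Portal: AzureDBBackupRole.json
Custom role for Azure CLI: AzureDBBackupRole_CLI.json

Azure resources: Azure VM, encrypted
Custom role for Azure Portal: CVBackupRole-Encryption.json
Custom role for Azure CLI: None

Azure resources: Azure VM, unencrypted
Custom role for Azure Portal: CVBackupRole.json
Custom role for Azure CLI: None

Azure resources:
  • Azure Blob Storage
  • Azure Data Lake Storage Gen2
Custom role for Azure Portal: AzureBlobADLSGen2BackupRole.json
Custom role for Azure CLI: None

Azure resources: Azure File Storage
Custom role for Azure Portal: AzureFileBackupRole.json
Custom role for Azure CLI: None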
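The Important note above asks you to replace placeholders such as {subscription-id} before importing a role file. The following added example (not Commvault code) checks a role definition for leftover placeholders and for wildcard actions that would undercut least privilege. It assumes the files follow the two standard Azure layouts (a "properties" wrapper, or flat "Actions"/"AssignableScopes" keys); the sample role is constructed, not a Commvault file.

```python
import json
import re

# Matches template markers such as {subscription-id}; a JSON object can never
# look like this because its keys are always quoted.
PLACEHOLDER = re.compile(r"\{[A-Za-z][A-Za-z0-9_-]*\}")
# "*" alone, or a whole resource provider such as "Microsoft.Sql/*".
BROAD = re.compile(r"^(\*|[^/]+/\*)$")

# Constructed sample in the flat layout (assumption: not Commvault's content).
SAMPLE_CLI = """{
  "Name": "Example Backup Role",
  "IsCustom": true,
  "Description": "Constructed sample, not a Commvault file",
  "Actions": ["Microsoft.Storage/storageAccounts/read", "Microsoft.Sql/*"],
  "NotActions": [],
  "DataActions": [],
  "NotDataActions": [],
  "AssignableScopes": ["/subscriptions/{subscription-id}"]
}"""

def permission_blocks(role):
    """Return the permission blocks of either role-definition layout."""
    if "properties" in role:              # layout with a "properties" wrapper
        return role["properties"].get("permissions", [])
    return [role]                         # flat layout: Actions, DataActions, ...

def review_role(text):
    """Return findings for one custom role definition given as JSON text."""
    findings = [f"unreplaced placeholder: {p}"
                for p in sorted(set(PLACEHOLDER.findall(text)))]
    for block in permission_blocks(json.loads(text)):
        for key, values in block.items():
            if key.lower() not in ("actions", "dataactions"):
                continue                  # skip metadata and Not* lists
            for action in values:
                if BROAD.match(action):
                    findings.append(f"broad wildcard in {key}: {action}")
    return findings

if __name__ == "__main__":
    for finding in review_role(SAMPLE_CLI):
        print(finding)
```

An empty result means no placeholders remain and no action grants a whole resource provider; it does not prove that the role is minimal.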

Built-In Roles

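Azure resources:
  • Azure Cosmos DB for Cassandra, MongoDB, NoSQL, and Table
  • Azure Database for MariaDB, MySQL, and PostgreSQL
Roles to assign to the subscription:
  • Contributor
  • Blob Storage Contributor
Roles to assign to the storage account: None

Azure resources:
  • Azure SQL Database
  • Azure SQL Managed Instance
Roles to assign to the subscription:
  • SQL Server Contributor
  • SQL Managed Instance Contributor
  • Blob Storage Contributor
Roles to assign to the storage account: None

Azure resources: Azure VMs, encrypted
Roles to assign to the subscription: None
Roles to assign to the storage account: None

Azure resources: Azure VMs, unencrypted
Roles to assign to the subscription:
  • Contributor
  • Storage Blob Data Contributor
Roles to assign to the storage account: None

Azure resources:
  • Azure Blob Storage
  • Azure Data Lake Storage Gen2
Roles to assign to the subscription:
  • Storage Blob Data Owner
  • Reader
Roles to assign to the storage account: None

Azure resources: Azure File Storage
Roles to assign to the subscription: Storage Account Contributor
Roles to assign to the storage account:
  • Storage Blob Data Contributor
  • Storage File Data Privileged Contributor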
