使用 IAM 控管備份和災難復原服務的存取權

本頁面概略說明Google Cloud 備份與 DR 服務所需的 IAM 角色和權限。當您在專案中新增主體時,可以使用身分與存取權管理 (IAM) 政策為該主體提供一或多個 IAM 角色。每個 IAM 角色都包含授予主體存取權的權限,可在特定資源上執行特定動作。如需備份與災難復原服務適用的 IAM 權限參考清單,請參閱「備份與災難復原服務適用的 IAM 權限」一文。

IAM 的存取權控管方式

如果主體 (使用者、群組或服務帳戶) 呼叫 Google Cloud API,則該主體必須具備適當的 IAM 權限才能使用資源。如要將必要權限授予主體,請為主體授予 IAM 角色。進一步瞭解 IAM 中的主體

IAM 角色類型

備份和災難復原服務有預先定義的角色,這些角色是綁定的權限,可指派給不同的原則。使用者也可以定義自訂角色,其中可結合個別權限,授予執行特定備份和 DR 工作流程或動作的存取權。

IAM 權限

權限可讓使用者對特定資源執行特定操作。可將這些權限分組成角色。每項權限都代表使用者可以執行或存取的特定動作。

專案層級與資源層級權限

您可以在專案層級或資源層級授予權限。舉例來說,備份和災難復原服務管理員可以選擇只在儲存空間值區層級授予特定權限,而非整個專案,這取決於他們的政策。在資源層級授予角色不會影響您在專案層級授予的任何現有角色,反之亦同。

備份和災難復原服務的預先定義 IAM 角色

備份和災難復原服務有一組預先定義的 IAM 角色,詳情請見本頁。您也可以建立自訂角色,並在其中加入直接對應您需求的權限子集。

下表說明與 Backup and DR Service 相關聯的 IAM 角色,並列出每個角色所包含的權限。每項權限的說明請見「備份和災難復原服務的 IAM 權限」一節。

Role Permissions

(roles/backupdr.admin)

Provides full access to all Backup and DR resources.

backupdr.backupPlanAssociations.*

  • backupdr.backupPlanAssociations.createForComputeDisk
  • backupdr.backupPlanAssociations.createForComputeInstance
  • backupdr.backupPlanAssociations.deleteForComputeDisk
  • backupdr.backupPlanAssociations.deleteForComputeInstance
  • backupdr.backupPlanAssociations.get
  • backupdr.backupPlanAssociations.getForComputeDisk
  • backupdr.backupPlanAssociations.list
  • backupdr.backupPlanAssociations.triggerBackupForComputeDisk
  • backupdr.backupPlanAssociations.triggerBackupForComputeInstance
  • backupdr.backupPlanAssociations.updateForComputeDisk
  • backupdr.backupPlanAssociations.updateForComputeInstance

backupdr.backupPlanRevisions.*

  • backupdr.backupPlanRevisions.get
  • backupdr.backupPlanRevisions.list

backupdr.backupPlans.*

  • backupdr.backupPlans.create
  • backupdr.backupPlans.delete
  • backupdr.backupPlans.get
  • backupdr.backupPlans.list
  • backupdr.backupPlans.update
  • backupdr.backupPlans.useForComputeDisk
  • backupdr.backupPlans.useForComputeInstance

backupdr.backupVaults.*

  • backupdr.backupVaults.associate
  • backupdr.backupVaults.create
  • backupdr.backupVaults.delete
  • backupdr.backupVaults.get
  • backupdr.backupVaults.list
  • backupdr.backupVaults.update

backupdr.bvbackups.*

  • backupdr.bvbackups.delete
  • backupdr.bvbackups.get
  • backupdr.bvbackups.list
  • backupdr.bvbackups.restore
  • backupdr.bvbackups.update

backupdr.bvdataSources.*

  • backupdr.bvdataSources.abandonBackup
  • backupdr.bvdataSources.fetchAccessToken
  • backupdr.bvdataSources.finalizeBackup
  • backupdr.bvdataSources.get
  • backupdr.bvdataSources.initiateBackup
  • backupdr.bvdataSources.list
  • backupdr.bvdataSources.remove
  • backupdr.bvdataSources.setInternalStatus
  • backupdr.bvdataSources.update

backupdr.compute.restoreFromBackupVault

backupdr.locations.*

  • backupdr.locations.get
  • backupdr.locations.list

backupdr.managementServers.*

  • backupdr.managementServers.access
  • backupdr.managementServers.accessSensitiveData
  • backupdr.managementServers.assignBackupPlans
  • backupdr.managementServers.backupAccess
  • backupdr.managementServers.create
  • backupdr.managementServers.createConnection
  • backupdr.managementServers.createDynamicProtection
  • backupdr.managementServers.delete
  • backupdr.managementServers.deleteDynamicProtection
  • backupdr.managementServers.get
  • backupdr.managementServers.getDynamicProtection
  • backupdr.managementServers.getIamPolicy
  • backupdr.managementServers.list
  • backupdr.managementServers.listDynamicProtection
  • backupdr.managementServers.manageApplications
  • backupdr.managementServers.manageBackupPlans
  • backupdr.managementServers.manageBackupServers
  • backupdr.managementServers.manageBackups
  • backupdr.managementServers.manageClones
  • backupdr.managementServers.manageExpiration
  • backupdr.managementServers.manageHosts
  • backupdr.managementServers.manageInternalACL
  • backupdr.managementServers.manageJobs
  • backupdr.managementServers.manageLiveClones
  • backupdr.managementServers.manageMigrations
  • backupdr.managementServers.manageMirroring
  • backupdr.managementServers.manageMounts
  • backupdr.managementServers.manageRestores
  • backupdr.managementServers.manageSensitiveData
  • backupdr.managementServers.manageStorage
  • backupdr.managementServers.manageSystem
  • backupdr.managementServers.manageWorkflows
  • backupdr.managementServers.refreshWorkflows
  • backupdr.managementServers.runWorkflows
  • backupdr.managementServers.setIamPolicy
  • backupdr.managementServers.testFailOvers
  • backupdr.managementServers.viewBackupPlans
  • backupdr.managementServers.viewBackupServers
  • backupdr.managementServers.viewReports
  • backupdr.managementServers.viewStorage
  • backupdr.managementServers.viewSystem
  • backupdr.managementServers.viewWorkflows

backupdr.operations.*

  • backupdr.operations.cancel
  • backupdr.operations.delete
  • backupdr.operations.get
  • backupdr.operations.list

backupdr.serviceConfig.initialize

resourcemanager.projects.get

resourcemanager.projects.list

(roles/backupdr.backupConfigViewer)

Provides read access to resource backup config. Resource backup config has the metadata of a Google Cloud resource that can be backed up, along with its backup configurations.

backupdr.locations.list

backupdr.resourceBackupConfigs.*

  • backupdr.resourceBackupConfigs.get
  • backupdr.resourceBackupConfigs.list

(roles/backupdr.backupUser)

Allows the user to apply existing backup plans. This role cannot create backup plans or restore from a backup.

backupdr.backupPlanAssociations.*

  • backupdr.backupPlanAssociations.createForComputeDisk
  • backupdr.backupPlanAssociations.createForComputeInstance
  • backupdr.backupPlanAssociations.deleteForComputeDisk
  • backupdr.backupPlanAssociations.deleteForComputeInstance
  • backupdr.backupPlanAssociations.get
  • backupdr.backupPlanAssociations.getForComputeDisk
  • backupdr.backupPlanAssociations.list
  • backupdr.backupPlanAssociations.triggerBackupForComputeDisk
  • backupdr.backupPlanAssociations.triggerBackupForComputeInstance
  • backupdr.backupPlanAssociations.updateForComputeDisk
  • backupdr.backupPlanAssociations.updateForComputeInstance

backupdr.backupPlanRevisions.*

  • backupdr.backupPlanRevisions.get
  • backupdr.backupPlanRevisions.list

backupdr.backupPlans.get

backupdr.backupPlans.list

backupdr.backupPlans.useForComputeDisk

backupdr.backupPlans.useForComputeInstance

backupdr.backupVaults.get

backupdr.backupVaults.list

backupdr.bvbackups.get

backupdr.bvbackups.list

backupdr.bvdataSources.get

backupdr.bvdataSources.list

backupdr.locations.*

  • backupdr.locations.get
  • backupdr.locations.list

backupdr.managementServers.access

backupdr.managementServers.assignBackupPlans

backupdr.managementServers.createDynamicProtection

backupdr.managementServers.deleteDynamicProtection

backupdr.managementServers.get

backupdr.managementServers.getDynamicProtection

backupdr.managementServers.list

backupdr.managementServers.listDynamicProtection

backupdr.managementServers.manageApplications

backupdr.managementServers.manageBackups

backupdr.managementServers.manageHosts

backupdr.managementServers.viewBackupPlans

backupdr.managementServers.viewReports

backupdr.managementServers.viewStorage

backupdr.managementServers.viewSystem

backupdr.operations.get

backupdr.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/backupdr.backupvaultAccessor)

Allows the Backup Appliance permissions to create and manage backups in a backup vault.

backupdr.backupVaults.get

backupdr.backupVaults.list

backupdr.bvbackups.delete

backupdr.bvbackups.get

backupdr.bvbackups.list

backupdr.bvbackups.update

backupdr.bvdataSources.*

  • backupdr.bvdataSources.abandonBackup
  • backupdr.bvdataSources.fetchAccessToken
  • backupdr.bvdataSources.finalizeBackup
  • backupdr.bvdataSources.get
  • backupdr.bvdataSources.initiateBackup
  • backupdr.bvdataSources.list
  • backupdr.bvdataSources.remove
  • backupdr.bvdataSources.setInternalStatus
  • backupdr.bvdataSources.update

backupdr.operations.*

  • backupdr.operations.cancel
  • backupdr.operations.delete
  • backupdr.operations.get
  • backupdr.operations.list

(roles/backupdr.backupvaultAdmin)

Allows the Backup Appliance full administrative control of backup vault resources.

backupdr.backupVaults.*

  • backupdr.backupVaults.associate
  • backupdr.backupVaults.create
  • backupdr.backupVaults.delete
  • backupdr.backupVaults.get
  • backupdr.backupVaults.list
  • backupdr.backupVaults.update

backupdr.bvbackups.*

  • backupdr.bvbackups.delete
  • backupdr.bvbackups.get
  • backupdr.bvbackups.list
  • backupdr.bvbackups.restore
  • backupdr.bvbackups.update

backupdr.bvdataSources.get

backupdr.bvdataSources.list

backupdr.bvdataSources.update

backupdr.compute.restoreFromBackupVault

backupdr.locations.*

  • backupdr.locations.get
  • backupdr.locations.list

backupdr.operations.*

  • backupdr.operations.cancel
  • backupdr.operations.delete
  • backupdr.operations.get
  • backupdr.operations.list

(roles/backupdr.backupvaultLister)

Allows the Backup Appliance permission to list backup vaults in a given project.

backupdr.backupVaults.list

(roles/backupdr.backupvaultViewer)

Allows read-only permissions to access backup vault resources and backups.

backupdr.backupVaults.get

backupdr.backupVaults.list

backupdr.bvbackups.get

backupdr.bvbackups.list

backupdr.bvdataSources.get

backupdr.bvdataSources.list

backupdr.operations.get

backupdr.operations.list

(roles/backupdr.cloudStorageOperator)

Allows a Backup and DR service account to store and manage data (backups or metadata) in Cloud Storage.

storage.buckets.create

storage.buckets.get

storage.objects.create

storage.objects.delete

storage.objects.get

storage.objects.list

(roles/backupdr.computeEngineOperator)

Allows a Backup and DR service account to discover, back up, and restore Compute Engine VM instances.

backupdr.managementServers.createConnection

compute.addresses.list

compute.addresses.use

compute.addresses.useInternal

compute.diskTypes.*

  • compute.diskTypes.get
  • compute.diskTypes.list

compute.disks.create

compute.disks.createSnapshot

compute.disks.delete

compute.disks.get

compute.disks.setLabels

compute.disks.use

compute.disks.useReadOnly

compute.firewalls.list

compute.globalOperations.get

compute.images.create

compute.images.delete

compute.images.get

compute.images.useReadOnly

compute.instances.attachDisk

compute.instances.create

compute.instances.createTagBinding

compute.instances.delete

compute.instances.detachDisk

compute.instances.get

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.pscInterfaceCreate

compute.instances.setDeletionProtection

compute.instances.setLabels

compute.instances.setMetadata

compute.instances.setServiceAccount

compute.instances.setTags

compute.instances.start

compute.instances.stop

compute.instances.updateDisplayDevice

compute.instances.useReadOnly

compute.machineTypes.*

  • compute.machineTypes.get
  • compute.machineTypes.list

compute.networks.list

compute.nodeGroups.get

compute.nodeGroups.list

compute.nodeTemplates.get

compute.projects.get

compute.regionOperations.get

compute.regions.*

  • compute.regions.get
  • compute.regions.list

compute.resourcePolicies.use

compute.snapshots.create

compute.snapshots.delete

compute.snapshots.get

compute.snapshots.setLabels

compute.snapshots.useReadOnly

compute.subnetworks.list

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.zoneOperations.get

compute.zones.list

iam.serviceAccounts.actAs

iam.serviceAccounts.get

iam.serviceAccounts.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/backupdr.diskOperator)

Allows a Backup and DR service account to store and manage data (backups or metadata) in Disk.

compute.disks.create

compute.disks.createSnapshot

compute.disks.createTagBinding

compute.disks.get

compute.disks.list

compute.disks.setLabels

compute.disks.useReadOnly

compute.regionOperations.get

compute.resourcePolicies.use

compute.snapshots.setLabels

compute.snapshots.useReadOnly

compute.storagePools.use

compute.zoneOperations.get

(roles/backupdr.managementServerAccessor)

Grants the Backup and DR management server access role to Backup Appliances.

backupdr.managementServers.createConnection

(roles/backupdr.mountUser)

Allows the user to mount from a backup. This role cannot create a backup plan or restore from a backup.

backupdr.locations.*

  • backupdr.locations.get
  • backupdr.locations.list

backupdr.managementServers.access

backupdr.managementServers.get

backupdr.managementServers.getDynamicProtection

backupdr.managementServers.list

backupdr.managementServers.listDynamicProtection

backupdr.managementServers.manageApplications

backupdr.managementServers.manageClones

backupdr.managementServers.manageHosts

backupdr.managementServers.manageLiveClones

backupdr.managementServers.manageMirroring

backupdr.managementServers.manageMounts

backupdr.managementServers.manageWorkflows

backupdr.managementServers.refreshWorkflows

backupdr.managementServers.runWorkflows

backupdr.managementServers.viewBackupPlans

backupdr.managementServers.viewReports

backupdr.managementServers.viewStorage

backupdr.managementServers.viewSystem

backupdr.managementServers.viewWorkflows

backupdr.operations.get

backupdr.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/backupdr.restoreUser)

Allows the user to restore or mount from a backup. This role cannot create a backup plan.

backupdr.backupVaults.get

backupdr.backupVaults.list

backupdr.bvbackups.get

backupdr.bvbackups.list

backupdr.bvbackups.restore

backupdr.bvdataSources.get

backupdr.bvdataSources.list

backupdr.compute.restoreFromBackupVault

backupdr.locations.*

  • backupdr.locations.get
  • backupdr.locations.list

backupdr.managementServers.access

backupdr.managementServers.get

backupdr.managementServers.getDynamicProtection

backupdr.managementServers.list

backupdr.managementServers.listDynamicProtection

backupdr.managementServers.manageApplications

backupdr.managementServers.manageClones

backupdr.managementServers.manageHosts

backupdr.managementServers.manageLiveClones

backupdr.managementServers.manageMigrations

backupdr.managementServers.manageMirroring

backupdr.managementServers.manageMounts

backupdr.managementServers.manageRestores

backupdr.managementServers.manageWorkflows

backupdr.managementServers.refreshWorkflows

backupdr.managementServers.runWorkflows

backupdr.managementServers.testFailOvers

backupdr.managementServers.viewBackupPlans

backupdr.managementServers.viewReports

backupdr.managementServers.viewStorage

backupdr.managementServers.viewSystem

backupdr.managementServers.viewWorkflows

backupdr.operations.get

backupdr.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/backupdr.serviceAgent)

Grants the Backup and DR Service access to protect Compute Engine instances.

alloydb.operations.get

cloudsql.instances.get

compute.addresses.list

compute.addresses.use

compute.addresses.useInternal

compute.diskTypes.*

  • compute.diskTypes.get
  • compute.diskTypes.list

compute.disks.create

compute.disks.createSnapshot

compute.disks.delete

compute.disks.get

compute.disks.list

compute.disks.setLabels

compute.disks.use

compute.disks.useReadOnly

compute.firewalls.list

compute.globalOperations.get

compute.images.create

compute.images.delete

compute.images.get

compute.images.useReadOnly

compute.instances.attachDisk

compute.instances.create

compute.instances.delete

compute.instances.detachDisk

compute.instances.get

compute.instances.list

compute.instances.setLabels

compute.instances.setMetadata

compute.instances.setServiceAccount

compute.instances.setTags

compute.instances.start

compute.instances.stop

compute.instances.useReadOnly

compute.machineTypes.*

  • compute.machineTypes.get
  • compute.machineTypes.list

compute.networks.list

compute.nodeGroups.get

compute.nodeGroups.list

compute.nodeTemplates.get

compute.projects.get

compute.regionOperations.get

compute.regions.*

  • compute.regions.get
  • compute.regions.list

compute.snapshots.create

compute.snapshots.delete

compute.snapshots.get

compute.snapshots.setLabels

compute.snapshots.useReadOnly

compute.subnetworks.list

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.zoneOperations.get

compute.zones.list

iam.serviceAccounts.actAs

iam.serviceAccounts.get

iam.serviceAccounts.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/backupdr.user)

Provides access to management console. Granular Backup and DR permissions depend on ACL configuration provided by Backup and DR admin within the management console.

backupdr.backupPlanAssociations.createForComputeInstance

backupdr.backupPlanAssociations.deleteForComputeInstance

backupdr.backupPlanAssociations.updateForComputeInstance

backupdr.managementServers.access

backupdr.managementServers.backupAccess

backupdr.managementServers.get

backupdr.managementServers.getDynamicProtection

backupdr.managementServers.getIamPolicy

backupdr.managementServers.list

backupdr.managementServers.listDynamicProtection

backupdr.managementServers.viewBackupPlans

backupdr.managementServers.viewBackupServers

backupdr.managementServers.viewReports

backupdr.managementServers.viewStorage

backupdr.managementServers.viewSystem

backupdr.managementServers.viewWorkflows

backupdr.operations.get

backupdr.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/backupdr.userv2)

Provides full access to Backup and DR resources except deploying and managing backup infrastructure, expiring backups, changing data sensitivity and configuring on-premises billing.

backupdr.backupPlanAssociations.*

  • backupdr.backupPlanAssociations.createForComputeDisk
  • backupdr.backupPlanAssociations.createForComputeInstance
  • backupdr.backupPlanAssociations.deleteForComputeDisk
  • backupdr.backupPlanAssociations.deleteForComputeInstance
  • backupdr.backupPlanAssociations.get
  • backupdr.backupPlanAssociations.getForComputeDisk
  • backupdr.backupPlanAssociations.list
  • backupdr.backupPlanAssociations.triggerBackupForComputeDisk
  • backupdr.backupPlanAssociations.triggerBackupForComputeInstance
  • backupdr.backupPlanAssociations.updateForComputeDisk
  • backupdr.backupPlanAssociations.updateForComputeInstance

backupdr.backupPlanRevisions.*

  • backupdr.backupPlanRevisions.get
  • backupdr.backupPlanRevisions.list

backupdr.backupPlans.*

  • backupdr.backupPlans.create
  • backupdr.backupPlans.delete
  • backupdr.backupPlans.get
  • backupdr.backupPlans.list
  • backupdr.backupPlans.update
  • backupdr.backupPlans.useForComputeDisk
  • backupdr.backupPlans.useForComputeInstance

backupdr.backupVaults.associate

backupdr.backupVaults.get

backupdr.backupVaults.list

backupdr.bvbackups.get

backupdr.bvbackups.list

backupdr.bvbackups.restore

backupdr.bvdataSources.get

backupdr.bvdataSources.list

backupdr.compute.restoreFromBackupVault

backupdr.locations.*

  • backupdr.locations.get
  • backupdr.locations.list

backupdr.managementServers.access

backupdr.managementServers.assignBackupPlans

backupdr.managementServers.backupAccess

backupdr.managementServers.createDynamicProtection

backupdr.managementServers.deleteDynamicProtection

backupdr.managementServers.get

backupdr.managementServers.getDynamicProtection

backupdr.managementServers.getIamPolicy

backupdr.managementServers.list

backupdr.managementServers.listDynamicProtection

backupdr.managementServers.manageApplications

backupdr.managementServers.manageBackupPlans

backupdr.managementServers.manageBackups

backupdr.managementServers.manageClones

backupdr.managementServers.manageHosts

backupdr.managementServers.manageJobs

backupdr.managementServers.manageLiveClones

backupdr.managementServers.manageMigrations

backupdr.managementServers.manageMirroring

backupdr.managementServers.manageMounts

backupdr.managementServers.manageRestores

backupdr.managementServers.manageWorkflows

backupdr.managementServers.refreshWorkflows

backupdr.managementServers.runWorkflows

backupdr.managementServers.testFailOvers

backupdr.managementServers.viewBackupPlans

backupdr.managementServers.viewBackupServers

backupdr.managementServers.viewReports

backupdr.managementServers.viewStorage

backupdr.managementServers.viewSystem

backupdr.managementServers.viewWorkflows

backupdr.operations.get

backupdr.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/backupdr.viewer)

Provides read-only access to all Backup and DR resources.

backupdr.backupPlanAssociations.get

backupdr.backupPlanAssociations.getForComputeDisk

backupdr.backupPlanAssociations.list

backupdr.backupPlanRevisions.*

  • backupdr.backupPlanRevisions.get
  • backupdr.backupPlanRevisions.list

backupdr.backupPlans.get

backupdr.backupPlans.list

backupdr.backupVaults.get

backupdr.backupVaults.list

backupdr.bvbackups.get

backupdr.bvbackups.list

backupdr.bvdataSources.get

backupdr.bvdataSources.list

backupdr.locations.*

  • backupdr.locations.get
  • backupdr.locations.list

backupdr.managementServers.access

backupdr.managementServers.backupAccess

backupdr.managementServers.get

backupdr.managementServers.getDynamicProtection

backupdr.managementServers.getIamPolicy

backupdr.managementServers.list

backupdr.managementServers.listDynamicProtection

backupdr.managementServers.viewBackupPlans

backupdr.managementServers.viewBackupServers

backupdr.managementServers.viewReports

backupdr.managementServers.viewStorage

backupdr.managementServers.viewSystem

backupdr.managementServers.viewWorkflows

backupdr.operations.get

backupdr.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

基本角色

基本角色是在 IAM 之前專案層級的角色。詳情請參閱「基本角色」。

雖然備份和 DR 服務支援下列基本角色,但您仍應盡可能使用其中一個預先定義的角色。基本角色包含多種適用於所有 Google Cloud 資源的權限;相反地,備份和災難復原的預先定義角色則包含僅適用於備份和災難復原的精確權限。

基本 IAM 角色 說明
編輯者
(roles/editor)		 提供所有備份和災難復原資源的完整存取權。
擁有者
(roles/owner)		 提供所有備份和災難復原資源的完整存取權。

備份和災難復原服務的 IAM 權限

下表列出與備份和災難復原服務相關的 IAM 權限。IAM 權限會分組為角色,您可以將角色指派給使用者和群組

下表列出每個備份和 DR 權限的說明。

權限名稱 說明
backupdr.managementServers.manageClones 提供權限,可從備份檔案建立及管理克隆。
backupdr.managementServers.manageLiveClones 提供權限,可透過備份檔案建立及管理 LiveClone。
backupdr.managementServers.manageMounts 提供權限,可透過備份檔案建立及管理有效的掛載點。
backupdr.managementServers.manageRestores 提供從備份還原所需的權限。
backupdr.managementServers.manageBackups 提供執行備份作業的權限:立即備份。
backupdr.managementServers.viewSystem 可查看備份/復原設備設定。
backupdr.managementServers.manageSystem 提供設定備份/復原裝置和報表管理工具的權限。
backupdr.managementServers.viewStorage 提供檢視儲存空間和磁碟叢集設定的存取權。
backupdr.managementServers.manageStorage 提供新增、修改、移除及查看儲存空間和磁碟叢集的權限。
backupdr.managementServers.viewBackupPlans 可查看備份方案 (備份範本和資源設定檔)。
backupdr.managementServers.assignBackupPlans 提供權限,可將預先設定的備份方案 (備份範本和資源設定檔) 指派給應用程式或工作負載。
backupdr.managementServers.manageBackupPlans 提供建立、修改、刪除、查看及指派備份方案 (備份範本和資源設定檔) 的權限。
backupdr.managementServers.testFailOvers 提供權限,可在遠端 StreamSnap 備份上執行測試容錯和刪除測試容錯作業。
backupdr.managementServers.viewWorkflows 提供備份和災難復原工作流程的查看權限,以便自動存取備份和災難復原服務中的資料副本。
backupdr.managementServers.runWorkflows 提供權限,可執行預先設定的備份和災難復原工作流程,自動取得備份和災難復原服務中資料的存取權。
backupdr.managementServers.refreshWorkflows 提供權限,可重新整理備份和災難復原工作流程建立的複本,該工作流程會自動存取備份和災難復原服務中的複本資料。
backupdr.managementServers.manageWorkflows 提供權限,可新增、修改、移除、執行及查看備份備份和災難復原工作流程,自動存取備份和災難復原服務中的資料副本。
backupdr.managementServers.manageMirroring 提供權限,可在遠端 StreamSnap 備份上執行容錯移轉、同步回復、清理、容錯回復、測試容錯移轉,以及刪除測試容錯移轉作業。
backupdr.managementServers.manageHosts 提供新增、修改、移除及查看主機 (實體和虛擬機器) 的權限
backupdr.managementServers.manageApplications 提供權限,可管理應用程式的所有層面,包括邏輯群組和一致性群組、依需求執行備份作業,以及匯出範本。
backupdr.managementServers.manageSensitiveData 提供標示應用程式和備份為機密或非機密資料所需的權限。
backupdr.managementServers.accessSensitiveData 提供標示為機密的應用程式和備份的存取權。
backupdr.managementServers.manageBackupServers 提供透過管理控制台執行 Backup Server API 所需的權限。
backupdr.managementServers.manageExpiration 提供讓備份過期的必要權限。
backupdr.managementServers.access 具備管理主控台和相關 API 的存取權。
backupdr.managementServers.onpremUsageUpload 提供存取權,可將使用量上傳至內部部署轉接程式所需的所有端點。
backupdr.managementServers.viewReports 提供 Report Manager 存取權,以便執行報表及查看或下載輸出內容。
backupdr.managementServers.manageJobs 提供取消工作和修改工作優先順序的權限。
backupdr.managementServers.manageMigrations 提供權限,可管理掛載資料的遷移作業,做為還原或複製作業的最後步驟。