roles/backupdr.restoreUser
Allows the user to restore or mount from a backup. This role cannot create a backup plan.
Backup and DR Restore User
['backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvbackups.restore', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.compute.restoreFromBackupVault', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.manageApplications', 'backupdr.managementServers.manageClones', 'backupdr.managementServers.manageHosts', 'backupdr.managementServers.manageLiveClones', 'backupdr.managementServers.manageMigrations', 'backupdr.managementServers.manageMirroring', 'backupdr.managementServers.manageMounts', 'backupdr.managementServers.manageRestores', 'backupdr.managementServers.manageWorkflows', 'backupdr.managementServers.refreshWorkflows', 'backupdr.managementServers.runWorkflows', 'backupdr.managementServers.testFailOvers', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/backupdr.backupvaultAdmin
Allows the Backup Appliance full administrative control of backup vault resources.
Backup and DR Backup Vault Admin
['backupdr.backupVaults.associate', 'backupdr.backupVaults.create', 'backupdr.backupVaults.delete', 'backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.backupVaults.update', 'backupdr.bvbackups.delete', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvbackups.restore', 'backupdr.bvbackups.update', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.bvdataSources.update', 'backupdr.compute.restoreFromBackupVault', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.operations.cancel', 'backupdr.operations.delete', 'backupdr.operations.get', 'backupdr.operations.list']
Copy Permissions
GA
roles/backupdr.mangementServerAccessor
Grants the Backup and DR management server access role to Backup Appliances.
Backup and DR Management Server Accessor
['backupdr.managementServers.createConnection']
Copy Permissions
BETA
roles/backupdr.viewer
Provides read-only access to all Backup and DR resources.
Backup and DR Viewer
['backupdr.backupPlanAssociations.get', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlans.get', 'backupdr.backupPlans.list', 'backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.backupAccess', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.getIamPolicy', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewBackupServers', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/backupdr.backupvaultViewer
Allows read-only permissions to access backup vault resources and backups.
Backup and DR Backup Vault Viewer
['backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.operations.get', 'backupdr.operations.list']
Copy Permissions
GA
roles/backupdr.managementServerAccessor
Grants the Backup and DR management server access role to Backup Appliances.
Backup and DR Management Server Accessor
['backupdr.managementServers.createConnection']
Copy Permissions
BETA
roles/backupdr.serviceAgent
Grants the Backup and DR Service access to protect GCE instances.
Backup and DR Service Agent
['compute.addresses.list', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.delete', 'compute.disks.get', 'compute.disks.setLabels', 'compute.disks.use', 'compute.firewalls.list', 'compute.globalOperations.get', 'compute.images.create', 'compute.images.delete', 'compute.images.get', 'compute.images.useReadOnly', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.delete', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.list', 'compute.instances.setLabels', 'compute.instances.setMetadata', 'compute.instances.setServiceAccount', 'compute.instances.setTags', 'compute.instances.start', 'compute.instances.stop', 'compute.instances.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networks.list', 'compute.nodeGroups.get', 'compute.nodeGroups.list', 'compute.nodeTemplates.get', 'compute.projects.get', 'compute.regionOperations.get', 'compute.regions.get', 'compute.regions.list', 'compute.snapshots.create', 'compute.snapshots.delete', 'compute.snapshots.get', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.subnetworks.list', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.zoneOperations.get', 'compute.zones.list', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/backupdr.admin
Provides full access to all Backup and DR resources.
Backup and DR Admin
['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.get', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.create', 'backupdr.backupPlans.delete', 'backupdr.backupPlans.get', 'backupdr.backupPlans.list', 'backupdr.backupPlans.useForComputeInstance', 'backupdr.backupVaults.associate', 'backupdr.backupVaults.create', 'backupdr.backupVaults.delete', 'backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.backupVaults.update', 'backupdr.bvbackups.delete', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvbackups.restore', 'backupdr.bvbackups.update', 'backupdr.bvdataSources.abandonBackup', 'backupdr.bvdataSources.fetchAccessToken', 'backupdr.bvdataSources.finalizeBackup', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.initiateBackup', 'backupdr.bvdataSources.list', 'backupdr.bvdataSources.remove', 'backupdr.bvdataSources.setInternalStatus', 'backupdr.bvdataSources.update', 'backupdr.compute.restoreFromBackupVault', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.accessSensitiveData', 'backupdr.managementServers.assignBackupPlans', 'backupdr.managementServers.backupAccess', 'backupdr.managementServers.create', 'backupdr.managementServers.createConnection', 'backupdr.managementServers.createDynamicProtection', 'backupdr.managementServers.delete', 'backupdr.managementServers.deleteDynamicProtection', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.getIamPolicy', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.manageApplications', 'backupdr.managementServers.manageBackupPlans', 'backupdr.managementServers.manageBackupServers', 'backupdr.managementServers.manageBackups', 'backupdr.managementServers.manageClones', 'backupdr.managementServers.manageExpiration', 'backupdr.managementServers.manageHosts', 'backupdr.managementServers.manageInternalACL', 'backupdr.managementServers.manageJobs', 'backupdr.managementServers.manageLiveClones', 'backupdr.managementServers.manageMigrations', 'backupdr.managementServers.manageMirroring', 'backupdr.managementServers.manageMounts', 'backupdr.managementServers.manageRestores', 'backupdr.managementServers.manageSensitiveData', 'backupdr.managementServers.manageStorage', 'backupdr.managementServers.manageSystem', 'backupdr.managementServers.manageWorkflows', 'backupdr.managementServers.refreshWorkflows', 'backupdr.managementServers.runWorkflows', 'backupdr.managementServers.setIamPolicy', 'backupdr.managementServers.testFailOvers', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewBackupServers', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.cancel', 'backupdr.operations.delete', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/backupdr.backupvaultAccessor
Allows the Backup Appliance permissions to create and manage backups in a backup vault.
Backup and DR Backup Vault Accessor
['backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.delete', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvbackups.update', 'backupdr.bvdataSources.abandonBackup', 'backupdr.bvdataSources.fetchAccessToken', 'backupdr.bvdataSources.finalizeBackup', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.initiateBackup', 'backupdr.bvdataSources.list', 'backupdr.bvdataSources.remove', 'backupdr.bvdataSources.setInternalStatus', 'backupdr.bvdataSources.update', 'backupdr.operations.cancel', 'backupdr.operations.delete', 'backupdr.operations.get', 'backupdr.operations.list']
Copy Permissions
GA
roles/backupdr.user
Provides access to management console. Granular Backup and DR permissions depend on ACL configuration provided by Backup and DR admin within the management console.
Backup and DR User
['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.managementServers.access', 'backupdr.managementServers.backupAccess', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.getIamPolicy', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewBackupServers', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/backupdr.mountUser
Allows the user to mount from a backup. This role cannot create a backup plan or restore from a backup.
Backup and DR Mount User
['backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.manageApplications', 'backupdr.managementServers.manageClones', 'backupdr.managementServers.manageHosts', 'backupdr.managementServers.manageLiveClones', 'backupdr.managementServers.manageMirroring', 'backupdr.managementServers.manageMounts', 'backupdr.managementServers.manageWorkflows', 'backupdr.managementServers.refreshWorkflows', 'backupdr.managementServers.runWorkflows', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/backupdr.backupUser
Allows the user to apply existing backup plans. This role cannot create backup plans or restore from a backup.
Backup and DR Backup User
['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.get', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.get', 'backupdr.backupPlans.list', 'backupdr.backupPlans.useForComputeInstance', 'backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.assignBackupPlans', 'backupdr.managementServers.createDynamicProtection', 'backupdr.managementServers.deleteDynamicProtection', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.manageApplications', 'backupdr.managementServers.manageBackups', 'backupdr.managementServers.manageHosts', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/backupdr.cloudStorageOperator
Allows a Backup and DR service account to store and manage data (backups or metadata) in Cloud Storage.
Backup and DR Cloud Storage Operator
['storage.buckets.create', 'storage.buckets.get', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list']
Copy Permissions
GA
roles/backupdr.backupvaultLister
Allows the Backup Appliance permission to list backup vaults in a given project.
Backup and DR Backup Vault Lister
['backupdr.backupVaults.list']
Copy Permissions
GA
roles/backupdr.userv2
Provides full access to Backup and DR resources except deploying and managing backup infrastructure, expiring backups, changing data sensitivity and configuring on-premises billing.
Backup and DR User V2
['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.get', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.create', 'backupdr.backupPlans.delete', 'backupdr.backupPlans.get', 'backupdr.backupPlans.list', 'backupdr.backupPlans.useForComputeInstance', 'backupdr.backupVaults.associate', 'backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvbackups.restore', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.compute.restoreFromBackupVault', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.assignBackupPlans', 'backupdr.managementServers.backupAccess', 'backupdr.managementServers.createDynamicProtection', 'backupdr.managementServers.deleteDynamicProtection', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.getIamPolicy', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.manageApplications', 'backupdr.managementServers.manageBackupPlans', 'backupdr.managementServers.manageBackups', 'backupdr.managementServers.manageClones', 'backupdr.managementServers.manageHosts', 'backupdr.managementServers.manageJobs', 'backupdr.managementServers.manageLiveClones', 'backupdr.managementServers.manageMigrations', 'backupdr.managementServers.manageMirroring', 'backupdr.managementServers.manageMounts', 'backupdr.managementServers.manageRestores', 'backupdr.managementServers.manageWorkflows', 'backupdr.managementServers.refreshWorkflows', 'backupdr.managementServers.runWorkflows', 'backupdr.managementServers.testFailOvers', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewBackupServers', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/backupdr.computeEngineOperator
Allows a Backup and DR service account to discover, back up, and restore Compute Engine VM instances.
Backup and DR Compute Engine Operator
['backupdr.managementServers.createConnection', 'compute.addresses.list', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.delete', 'compute.disks.get', 'compute.disks.setLabels', 'compute.disks.use', 'compute.firewalls.list', 'compute.globalOperations.get', 'compute.images.create', 'compute.images.delete', 'compute.images.get', 'compute.images.useReadOnly', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.pscInterfaceCreate', 'compute.instances.setDeletionProtection', 'compute.instances.setLabels', 'compute.instances.setMetadata', 'compute.instances.setServiceAccount', 'compute.instances.setTags', 'compute.instances.start', 'compute.instances.stop', 'compute.instances.updateDisplayDevice', 'compute.instances.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networks.list', 'compute.nodeGroups.get', 'compute.nodeGroups.list', 'compute.nodeTemplates.get', 'compute.projects.get', 'compute.regionOperations.get', 'compute.regions.get', 'compute.regions.list', 'compute.resourcePolicies.use', 'compute.snapshots.create', 'compute.snapshots.delete', 'compute.snapshots.get', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.subnetworks.list', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.zoneOperations.get', 'compute.zones.list', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA