Roles Data

Name Description Title Included Permissions Copy Stage
roles/backupdr.restoreUser Allows the user to restore or mount from a backup. This role cannot create a backup plan. Backup and DR Restore User ['backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvbackups.restore', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.compute.restoreFromBackupVault', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.manageApplications', 'backupdr.managementServers.manageClones', 'backupdr.managementServers.manageHosts', 'backupdr.managementServers.manageLiveClones', 'backupdr.managementServers.manageMigrations', 'backupdr.managementServers.manageMirroring', 'backupdr.managementServers.manageMounts', 'backupdr.managementServers.manageRestores', 'backupdr.managementServers.manageWorkflows', 'backupdr.managementServers.refreshWorkflows', 'backupdr.managementServers.runWorkflows', 'backupdr.managementServers.testFailOvers', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/backupdr.backupvaultAdmin Allows the Backup Appliance full administrative control of backup vault resources. Backup and DR Backup Vault Admin ['backupdr.backupVaults.associate', 'backupdr.backupVaults.create', 'backupdr.backupVaults.delete', 'backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.backupVaults.update', 'backupdr.bvbackups.delete', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvbackups.restore', 'backupdr.bvbackups.update', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.bvdataSources.update', 'backupdr.compute.restoreFromBackupVault', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.operations.cancel', 'backupdr.operations.delete', 'backupdr.operations.get', 'backupdr.operations.list'] GA
roles/backupdr.mangementServerAccessor Grants the Backup and DR management server access role to Backup Appliances. Backup and DR Management Server Accessor ['backupdr.managementServers.createConnection'] BETA
roles/backupdr.viewer Provides read-only access to all Backup and DR resources. Backup and DR Viewer ['backupdr.backupPlanAssociations.get', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlans.get', 'backupdr.backupPlans.list', 'backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.backupAccess', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.getIamPolicy', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewBackupServers', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/backupdr.backupvaultViewer Allows read-only permissions to access backup vault resources and backups. Backup and DR Backup Vault Viewer ['backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.operations.get', 'backupdr.operations.list'] GA
roles/backupdr.managementServerAccessor Grants the Backup and DR management server access role to Backup Appliances. Backup and DR Management Server Accessor ['backupdr.managementServers.createConnection'] BETA
roles/backupdr.serviceAgent Grants the Backup and DR Service access to protect GCE instances. Backup and DR Service Agent ['compute.addresses.list', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.delete', 'compute.disks.get', 'compute.disks.setLabels', 'compute.disks.use', 'compute.firewalls.list', 'compute.globalOperations.get', 'compute.images.create', 'compute.images.delete', 'compute.images.get', 'compute.images.useReadOnly', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.delete', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.list', 'compute.instances.setLabels', 'compute.instances.setMetadata', 'compute.instances.setServiceAccount', 'compute.instances.setTags', 'compute.instances.start', 'compute.instances.stop', 'compute.instances.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networks.list', 'compute.nodeGroups.get', 'compute.nodeGroups.list', 'compute.nodeTemplates.get', 'compute.projects.get', 'compute.regionOperations.get', 'compute.regions.get', 'compute.regions.list', 'compute.snapshots.create', 'compute.snapshots.delete', 'compute.snapshots.get', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.subnetworks.list', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.zoneOperations.get', 'compute.zones.list', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/backupdr.admin Provides full access to all Backup and DR resources. Backup and DR Admin ['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.get', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.create', 'backupdr.backupPlans.delete', 'backupdr.backupPlans.get', 'backupdr.backupPlans.list', 'backupdr.backupPlans.useForComputeInstance', 'backupdr.backupVaults.associate', 'backupdr.backupVaults.create', 'backupdr.backupVaults.delete', 'backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.backupVaults.update', 'backupdr.bvbackups.delete', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvbackups.restore', 'backupdr.bvbackups.update', 'backupdr.bvdataSources.abandonBackup', 'backupdr.bvdataSources.fetchAccessToken', 'backupdr.bvdataSources.finalizeBackup', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.initiateBackup', 'backupdr.bvdataSources.list', 'backupdr.bvdataSources.remove', 'backupdr.bvdataSources.setInternalStatus', 'backupdr.bvdataSources.update', 'backupdr.compute.restoreFromBackupVault', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.accessSensitiveData', 'backupdr.managementServers.assignBackupPlans', 'backupdr.managementServers.backupAccess', 'backupdr.managementServers.create', 'backupdr.managementServers.createConnection', 'backupdr.managementServers.createDynamicProtection', 'backupdr.managementServers.delete', 'backupdr.managementServers.deleteDynamicProtection', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.getIamPolicy', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.manageApplications', 'backupdr.managementServers.manageBackupPlans', 'backupdr.managementServers.manageBackupServers', 'backupdr.managementServers.manageBackups', 'backupdr.managementServers.manageClones', 'backupdr.managementServers.manageExpiration', 'backupdr.managementServers.manageHosts', 'backupdr.managementServers.manageInternalACL', 'backupdr.managementServers.manageJobs', 'backupdr.managementServers.manageLiveClones', 'backupdr.managementServers.manageMigrations', 'backupdr.managementServers.manageMirroring', 'backupdr.managementServers.manageMounts', 'backupdr.managementServers.manageRestores', 'backupdr.managementServers.manageSensitiveData', 'backupdr.managementServers.manageStorage', 'backupdr.managementServers.manageSystem', 'backupdr.managementServers.manageWorkflows', 'backupdr.managementServers.refreshWorkflows', 'backupdr.managementServers.runWorkflows', 'backupdr.managementServers.setIamPolicy', 'backupdr.managementServers.testFailOvers', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewBackupServers', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.cancel', 'backupdr.operations.delete', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/backupdr.backupvaultAccessor Allows the Backup Appliance permissions to create and manage backups in a backup vault. Backup and DR Backup Vault Accessor ['backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.delete', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvbackups.update', 'backupdr.bvdataSources.abandonBackup', 'backupdr.bvdataSources.fetchAccessToken', 'backupdr.bvdataSources.finalizeBackup', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.initiateBackup', 'backupdr.bvdataSources.list', 'backupdr.bvdataSources.remove', 'backupdr.bvdataSources.setInternalStatus', 'backupdr.bvdataSources.update', 'backupdr.operations.cancel', 'backupdr.operations.delete', 'backupdr.operations.get', 'backupdr.operations.list'] GA
roles/backupdr.user Provides access to management console. Granular Backup and DR permissions depend on ACL configuration provided by Backup and DR admin within the management console. Backup and DR User ['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.managementServers.access', 'backupdr.managementServers.backupAccess', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.getIamPolicy', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewBackupServers', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/backupdr.mountUser Allows the user to mount from a backup. This role cannot create a backup plan or restore from a backup. Backup and DR Mount User ['backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.manageApplications', 'backupdr.managementServers.manageClones', 'backupdr.managementServers.manageHosts', 'backupdr.managementServers.manageLiveClones', 'backupdr.managementServers.manageMirroring', 'backupdr.managementServers.manageMounts', 'backupdr.managementServers.manageWorkflows', 'backupdr.managementServers.refreshWorkflows', 'backupdr.managementServers.runWorkflows', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/backupdr.backupUser Allows the user to apply existing backup plans. This role cannot create backup plans or restore from a backup. Backup and DR Backup User ['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.get', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.get', 'backupdr.backupPlans.list', 'backupdr.backupPlans.useForComputeInstance', 'backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.assignBackupPlans', 'backupdr.managementServers.createDynamicProtection', 'backupdr.managementServers.deleteDynamicProtection', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.manageApplications', 'backupdr.managementServers.manageBackups', 'backupdr.managementServers.manageHosts', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/backupdr.cloudStorageOperator Allows a Backup and DR service account to store and manage data (backups or metadata) in Cloud Storage. Backup and DR Cloud Storage Operator ['storage.buckets.create', 'storage.buckets.get', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list'] GA
roles/backupdr.backupvaultLister Allows the Backup Appliance permission to list backup vaults in a given project. Backup and DR Backup Vault Lister ['backupdr.backupVaults.list'] GA
roles/backupdr.userv2 Provides full access to Backup and DR resources except deploying and managing backup infrastructure, expiring backups, changing data sensitivity and configuring on-premises billing. Backup and DR User V2 ['backupdr.backupPlanAssociations.createForComputeInstance', 'backupdr.backupPlanAssociations.deleteForComputeInstance', 'backupdr.backupPlanAssociations.get', 'backupdr.backupPlanAssociations.list', 'backupdr.backupPlanAssociations.triggerBackupForComputeInstance', 'backupdr.backupPlans.create', 'backupdr.backupPlans.delete', 'backupdr.backupPlans.get', 'backupdr.backupPlans.list', 'backupdr.backupPlans.useForComputeInstance', 'backupdr.backupVaults.associate', 'backupdr.backupVaults.get', 'backupdr.backupVaults.list', 'backupdr.bvbackups.get', 'backupdr.bvbackups.list', 'backupdr.bvbackups.restore', 'backupdr.bvdataSources.get', 'backupdr.bvdataSources.list', 'backupdr.compute.restoreFromBackupVault', 'backupdr.locations.get', 'backupdr.locations.list', 'backupdr.managementServers.access', 'backupdr.managementServers.assignBackupPlans', 'backupdr.managementServers.backupAccess', 'backupdr.managementServers.createDynamicProtection', 'backupdr.managementServers.deleteDynamicProtection', 'backupdr.managementServers.get', 'backupdr.managementServers.getDynamicProtection', 'backupdr.managementServers.getIamPolicy', 'backupdr.managementServers.list', 'backupdr.managementServers.listDynamicProtection', 'backupdr.managementServers.manageApplications', 'backupdr.managementServers.manageBackupPlans', 'backupdr.managementServers.manageBackups', 'backupdr.managementServers.manageClones', 'backupdr.managementServers.manageHosts', 'backupdr.managementServers.manageJobs', 'backupdr.managementServers.manageLiveClones', 'backupdr.managementServers.manageMigrations', 'backupdr.managementServers.manageMirroring', 'backupdr.managementServers.manageMounts', 'backupdr.managementServers.manageRestores', 'backupdr.managementServers.manageWorkflows', 'backupdr.managementServers.refreshWorkflows', 'backupdr.managementServers.runWorkflows', 'backupdr.managementServers.testFailOvers', 'backupdr.managementServers.viewBackupPlans', 'backupdr.managementServers.viewBackupServers', 'backupdr.managementServers.viewReports', 'backupdr.managementServers.viewStorage', 'backupdr.managementServers.viewSystem', 'backupdr.managementServers.viewWorkflows', 'backupdr.operations.get', 'backupdr.operations.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA
roles/backupdr.computeEngineOperator Allows a Backup and DR service account to discover, back up, and restore Compute Engine VM instances. Backup and DR Compute Engine Operator ['backupdr.managementServers.createConnection', 'compute.addresses.list', 'compute.addresses.use', 'compute.addresses.useInternal', 'compute.diskTypes.get', 'compute.diskTypes.list', 'compute.disks.create', 'compute.disks.createSnapshot', 'compute.disks.delete', 'compute.disks.get', 'compute.disks.setLabels', 'compute.disks.use', 'compute.firewalls.list', 'compute.globalOperations.get', 'compute.images.create', 'compute.images.delete', 'compute.images.get', 'compute.images.useReadOnly', 'compute.instances.attachDisk', 'compute.instances.create', 'compute.instances.createTagBinding', 'compute.instances.delete', 'compute.instances.detachDisk', 'compute.instances.get', 'compute.instances.list', 'compute.instances.listEffectiveTags', 'compute.instances.pscInterfaceCreate', 'compute.instances.setDeletionProtection', 'compute.instances.setLabels', 'compute.instances.setMetadata', 'compute.instances.setServiceAccount', 'compute.instances.setTags', 'compute.instances.start', 'compute.instances.stop', 'compute.instances.updateDisplayDevice', 'compute.instances.useReadOnly', 'compute.machineTypes.get', 'compute.machineTypes.list', 'compute.networks.list', 'compute.nodeGroups.get', 'compute.nodeGroups.list', 'compute.nodeTemplates.get', 'compute.projects.get', 'compute.regionOperations.get', 'compute.regions.get', 'compute.regions.list', 'compute.resourcePolicies.use', 'compute.snapshots.create', 'compute.snapshots.delete', 'compute.snapshots.get', 'compute.snapshots.setLabels', 'compute.snapshots.useReadOnly', 'compute.subnetworks.list', 'compute.subnetworks.use', 'compute.subnetworks.useExternalIp', 'compute.zoneOperations.get', 'compute.zones.list', 'iam.serviceAccounts.actAs', 'iam.serviceAccounts.get', 'iam.serviceAccounts.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] GA