Search <book_title>...

NetBackup™ for Cloud Object Store Administrator's Guide

Last Published: 2025-11-24

Product(s): NetBackup (11.1)

Permission required for Azure Data Lake Storage

NetBackup protection workflows - such as asset discovery, backup, and restore - for Azure Data Lake Storage (ADLS) can be authenticated using Azure user managed or system managed identities. To use a managed identity for ADLS, you must:

Assign the 'Storage Blob Data Owner' role to the managed identity to enable ACL restoration.

Assign a role to the managed identity that includes the following permissions:

{ 

    "id": "/subscriptions/<subscription id>/providers/Microsoft.Authorization/roleDefinitions/<role id>", 

    "properties": { 

        "roleName": "cosp_minimal", 

        "description": "minimal permission required for cos protection.", 

        "assignableScopes": [ 

            "/subscriptions/<subscription id>" 

        ], 

        "permissions": [ 

            { 

                "actions": [ 

                    "Microsoft.Storage/storageAccounts/blobServices/read", 

                    "Microsoft.Storage/storageAccounts/blobServices/containers/read", 

                    "Microsoft.Storage/storageAccounts/blobServices/containers/write", 

                    "Microsoft.ApiManagement/service/*", 

                    "Microsoft.Authorization/*/read", 

                    "Microsoft.Resources/subscriptions/resourceGroups/read", 

                    "Microsoft.Storage/storageAccounts/read", 

                    "Microsoft.Storage/storageAccounts/blobServices/containers/setAcl/action" 

                ], 

                "notActions": [], 

                "dataActions": [ 

                    "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/filter/action", 

                    "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/read", 

                    "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/write", 

                    "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write", 

                    "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read", 

                    "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action",  

"Microsoft.Storage/storageAccounts/blobServices/containers/blobs /immutableStorage/runAsSuperUser/action" 

                ], 

                "notDataActions": [] 

            } 

        ] 

    } 

}