Se usó la API de Cloud Translation para traducir esta página.

Controla el acceso al servicio de copia de seguridad y DR con IAM

En esta página, se describen los roles y permisos de IAM necesarios para el servicio deGoogle Cloud Backup and DR. Cuando agregas principales nuevos a tu proyecto, puedes usar una política de Identity and Access Management (IAM) para otorgarle a ese principal una o más funciones de IAM. Cada rol de IAM contiene permisos que otorgan a las entidades principales acceso para realizar acciones específicas en recursos específicos. Si deseas ver una lista de referencia de los permisos de IAM que se aplican al Servicio de copia de seguridad y DR, consulta Permisos de IAM para el Servicio de copia de seguridad y DR.

Cómo controla el acceso IAM

Si una principal (un usuario, un grupo o una cuenta de servicio) llama a una API de Google Cloud , esa principal debe tener los permisos de IAM adecuados para usar el recurso. Para otorgar a una principal los permisos necesarios, debes otorgarle un rol de IAM. Obtén más información sobre las principales en IAM.

Tipos de roles de IAM

El servicio Backup and DR tiene roles predefinidos que son permisos agrupados para que se asignen a diferentes entidades principales. Los usuarios también pueden definir roles personalizados que pueden tener una combinación de permisos individuales para otorgar acceso y llevar a cabo un flujo de trabajo o una acción específicos de copia de seguridad y DR.

Permisos de IAM

Los permisos permiten a los usuarios realizar acciones específicas en recursos específicos. Se pueden agrupar para formar roles. Cada permiso se refiere a una acción específica que el usuario puede realizar o al acceso que tiene.

Permisos a nivel del proyecto frente a los de nivel del recurso

Los permisos se pueden otorgar a nivel del proyecto o del recurso. Por ejemplo, un administrador de Backup and DR puede optar por otorgar solo ciertos permisos a nivel del bucket de almacenamiento en lugar de a todo el proyecto, según su política. La asignación de roles a nivel de recurso no afecta a los roles existentes que otorgaste a nivel de proyecto y viceversa.

Roles predefinidos de IAM para el servicio Backup and DR

El servicio de Backup and DR tiene un conjunto de roles de IAM predefinidos que se describen en esta página. También puedes crear roles personalizados que contengan subconjuntos de permisos que se correspondan directamente con tus necesidades.

En la siguiente tabla, se describen las funciones de IAM asociadas con el servicio de Backup and DR y se enumeran los permisos que contiene cada función. La descripción de cada permiso se encuentra en la sección Permisos de IAM para el Servicio de copia de seguridad y DR.

Role Permissions

Role	Permissions
Backup and DR Admin (`roles/backupdr.admin`) Provides full access to all Backup and DR resources.	`backupdr.backupPlanAssociations.` `backupdr.backupPlanAssociations.createForAlloydbCluster` `backupdr.backupPlanAssociations.createForCloudSqlInstance` `backupdr.backupPlanAssociations.createForComputeDisk` `backupdr.backupPlanAssociations.createForComputeInstance` `backupdr.backupPlanAssociations.createForFilestoreInstance` `backupdr.backupPlanAssociations.deleteForAlloydbCluster` `backupdr.backupPlanAssociations.deleteForCloudSqlInstance` `backupdr.backupPlanAssociations.deleteForComputeDisk` `backupdr.backupPlanAssociations.deleteForComputeInstance` `backupdr.backupPlanAssociations.deleteForFilestoreInstance` `backupdr.backupPlanAssociations.fetchForAlloydbCluster` `backupdr.backupPlanAssociations.fetchForCloudSqlInstance` `backupdr.backupPlanAssociations.fetchForComputeDisk` `backupdr.backupPlanAssociations.fetchForComputeInstance` `backupdr.backupPlanAssociations.fetchForFilestoreInstance` `backupdr.backupPlanAssociations.getForAlloydbCluster` `backupdr.backupPlanAssociations.getForCloudSqlInstance` `backupdr.backupPlanAssociations.getForComputeDisk` `backupdr.backupPlanAssociations.getForComputeInstance` `backupdr.backupPlanAssociations.getForFilestoreInstance` `backupdr.backupPlanAssociations.list` `backupdr.backupPlanAssociations.triggerBackupForAlloydbCluster` `backupdr.backupPlanAssociations.triggerBackupForCloudSqlInstance` `backupdr.backupPlanAssociations.triggerBackupForComputeDisk` `backupdr.backupPlanAssociations.triggerBackupForComputeInstance` `backupdr.backupPlanAssociations.triggerBackupForFilestoreInstance` `backupdr.backupPlanAssociations.updateForAlloydbCluster` `backupdr.backupPlanAssociations.updateForComputeDisk` `backupdr.backupPlanAssociations.updateForComputeInstance` `backupdr.backupPlanAssociations.updateForFilestoreInstance` `backupdr.backupPlanRevisions.` `backupdr.backupPlanRevisions.get` `backupdr.backupPlanRevisions.list` `backupdr.backupPlans.` `backupdr.backupPlans.create` `backupdr.backupPlans.delete` `backupdr.backupPlans.get` `backupdr.backupPlans.list` `backupdr.backupPlans.update` `backupdr.backupPlans.useForAlloydbCluster` `backupdr.backupPlans.useForCloudSqlInstance` `backupdr.backupPlans.useForComputeDisk` `backupdr.backupPlans.useForComputeInstance` `backupdr.backupPlans.useForFilestoreInstance` `backupdr.backupVaults.` `backupdr.backupVaults.associate` `backupdr.backupVaults.create` `backupdr.backupVaults.delete` `backupdr.backupVaults.get` `backupdr.backupVaults.list` `backupdr.backupVaults.update` `backupdr.bvbackups.` `backupdr.bvbackups.delete` `backupdr.bvbackups.fetchForCloudSqlInstance` `backupdr.bvbackups.fetchForComputeDisk` `backupdr.bvbackups.fetchForComputeInstance` `backupdr.bvbackups.get` `backupdr.bvbackups.list` `backupdr.bvbackups.restore` `backupdr.bvbackups.update` `backupdr.bvbackups.useReadOnlyForAlloydbCluster` `backupdr.bvbackups.useReadOnlyForCloudSqlInstance` `backupdr.bvbackups.useReadOnlyForFilestoreInstance` `backupdr.bvdataSources.` `backupdr.bvdataSources.abandonBackup` `backupdr.bvdataSources.fetchAccessToken` `backupdr.bvdataSources.finalizeBackup` `backupdr.bvdataSources.get` `backupdr.bvdataSources.initiateBackup` `backupdr.bvdataSources.list` `backupdr.bvdataSources.remove` `backupdr.bvdataSources.setInternalStatus` `backupdr.bvdataSources.update` `backupdr.bvdataSources.useReadOnlyForAlloydbCluster` `backupdr.bvdataSources.useReadOnlyForCloudSqlInstance` `backupdr.compute.restoreFromBackupVault` `backupdr.dataSourceReferences.` `backupdr.dataSourceReferences.fetchForAlloydbCluster` `backupdr.dataSourceReferences.fetchForCloudSqlInstance` `backupdr.dataSourceReferences.fetchForFilestoreInstance` `backupdr.dataSourceReferences.getForAlloydbCluster` `backupdr.dataSourceReferences.getForCloudSqlInstance` `backupdr.dataSourceReferences.getForFilestoreInstance` `backupdr.dataSourceReferences.list` `backupdr.locations.` `backupdr.locations.get` `backupdr.locations.list` `backupdr.managementServers.` `backupdr.managementServers.access` `backupdr.managementServers.accessSensitiveData` `backupdr.managementServers.assignBackupPlans` `backupdr.managementServers.backupAccess` `backupdr.managementServers.create` `backupdr.managementServers.createConnection` `backupdr.managementServers.createDynamicProtection` `backupdr.managementServers.delete` `backupdr.managementServers.deleteDynamicProtection` `backupdr.managementServers.get` `backupdr.managementServers.getDynamicProtection` `backupdr.managementServers.getIamPolicy` `backupdr.managementServers.list` `backupdr.managementServers.listDynamicProtection` `backupdr.managementServers.manageApplications` `backupdr.managementServers.manageBackupPlans` `backupdr.managementServers.manageBackupServers` `backupdr.managementServers.manageBackups` `backupdr.managementServers.manageClones` `backupdr.managementServers.manageExpiration` `backupdr.managementServers.manageHosts` `backupdr.managementServers.manageInternalACL` `backupdr.managementServers.manageJobs` `backupdr.managementServers.manageLiveClones` `backupdr.managementServers.manageMigrations` `backupdr.managementServers.manageMirroring` `backupdr.managementServers.manageMounts` `backupdr.managementServers.manageRestores` `backupdr.managementServers.manageSensitiveData` `backupdr.managementServers.manageStorage` `backupdr.managementServers.manageSystem` `backupdr.managementServers.manageWorkflows` `backupdr.managementServers.refreshWorkflows` `backupdr.managementServers.runWorkflows` `backupdr.managementServers.setIamPolicy` `backupdr.managementServers.testFailOvers` `backupdr.managementServers.viewBackupPlans` `backupdr.managementServers.viewBackupServers` `backupdr.managementServers.viewReports` `backupdr.managementServers.viewStorage` `backupdr.managementServers.viewSystem` `backupdr.managementServers.viewWorkflows` `backupdr.operations.` `backupdr.operations.cancel` `backupdr.operations.delete` `backupdr.operations.get` `backupdr.operations.list` `backupdr.serviceConfig.initialize` `backupdr.trial.*` `backupdr.trial.get` `backupdr.trial.subscribe` `resourcemanager.projects.get` `resourcemanager.projects.list`
Backup and DR Backup Config Viewer ^Beta (`roles/backupdr.backupConfigViewer`) Provides read access to resource backup config. Resource backup config has the metadata of a Google Cloud resource that can be backed up, along with its backup configurations.	`backupdr.locations.list` `backupdr.resourceBackupConfigs.*` `backupdr.resourceBackupConfigs.get` `backupdr.resourceBackupConfigs.list`
Backup and DR Backup User (`roles/backupdr.backupUser`) Allows the user to apply existing backup plans. This role cannot create backup plans or restore from a backup.	`backupdr.backupPlanAssociations.` `backupdr.backupPlanAssociations.createForAlloydbCluster` `backupdr.backupPlanAssociations.createForCloudSqlInstance` `backupdr.backupPlanAssociations.createForComputeDisk` `backupdr.backupPlanAssociations.createForComputeInstance` `backupdr.backupPlanAssociations.createForFilestoreInstance` `backupdr.backupPlanAssociations.deleteForAlloydbCluster` `backupdr.backupPlanAssociations.deleteForCloudSqlInstance` `backupdr.backupPlanAssociations.deleteForComputeDisk` `backupdr.backupPlanAssociations.deleteForComputeInstance` `backupdr.backupPlanAssociations.deleteForFilestoreInstance` `backupdr.backupPlanAssociations.fetchForAlloydbCluster` `backupdr.backupPlanAssociations.fetchForCloudSqlInstance` `backupdr.backupPlanAssociations.fetchForComputeDisk` `backupdr.backupPlanAssociations.fetchForComputeInstance` `backupdr.backupPlanAssociations.fetchForFilestoreInstance` `backupdr.backupPlanAssociations.getForAlloydbCluster` `backupdr.backupPlanAssociations.getForCloudSqlInstance` `backupdr.backupPlanAssociations.getForComputeDisk` `backupdr.backupPlanAssociations.getForComputeInstance` `backupdr.backupPlanAssociations.getForFilestoreInstance` `backupdr.backupPlanAssociations.list` `backupdr.backupPlanAssociations.triggerBackupForAlloydbCluster` `backupdr.backupPlanAssociations.triggerBackupForCloudSqlInstance` `backupdr.backupPlanAssociations.triggerBackupForComputeDisk` `backupdr.backupPlanAssociations.triggerBackupForComputeInstance` `backupdr.backupPlanAssociations.triggerBackupForFilestoreInstance` `backupdr.backupPlanAssociations.updateForAlloydbCluster` `backupdr.backupPlanAssociations.updateForComputeDisk` `backupdr.backupPlanAssociations.updateForComputeInstance` `backupdr.backupPlanAssociations.updateForFilestoreInstance` `backupdr.backupPlanRevisions.` `backupdr.backupPlanRevisions.get` `backupdr.backupPlanRevisions.list` `backupdr.backupPlans.get` `backupdr.backupPlans.list` `backupdr.backupPlans.useForAlloydbCluster` `backupdr.backupPlans.useForCloudSqlInstance` `backupdr.backupPlans.useForComputeDisk` `backupdr.backupPlans.useForComputeInstance` `backupdr.backupPlans.useForFilestoreInstance` `backupdr.backupVaults.get` `backupdr.backupVaults.list` `backupdr.bvbackups.fetchForCloudSqlInstance` `backupdr.bvbackups.fetchForComputeDisk` `backupdr.bvbackups.fetchForComputeInstance` `backupdr.bvbackups.get` `backupdr.bvbackups.list` `backupdr.bvdataSources.get` `backupdr.bvdataSources.list` `backupdr.dataSourceReferences.` `backupdr.dataSourceReferences.fetchForAlloydbCluster` `backupdr.dataSourceReferences.fetchForCloudSqlInstance` `backupdr.dataSourceReferences.fetchForFilestoreInstance` `backupdr.dataSourceReferences.getForAlloydbCluster` `backupdr.dataSourceReferences.getForCloudSqlInstance` `backupdr.dataSourceReferences.getForFilestoreInstance` `backupdr.dataSourceReferences.list` `backupdr.locations.` `backupdr.locations.get` `backupdr.locations.list` `backupdr.managementServers.access` `backupdr.managementServers.assignBackupPlans` `backupdr.managementServers.createDynamicProtection` `backupdr.managementServers.deleteDynamicProtection` `backupdr.managementServers.get` `backupdr.managementServers.getDynamicProtection` `backupdr.managementServers.list` `backupdr.managementServers.listDynamicProtection` `backupdr.managementServers.manageApplications` `backupdr.managementServers.manageBackups` `backupdr.managementServers.manageHosts` `backupdr.managementServers.viewBackupPlans` `backupdr.managementServers.viewReports` `backupdr.managementServers.viewStorage` `backupdr.managementServers.viewSystem` `backupdr.operations.get` `backupdr.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Backup and DR Backup Vault Accessor (`roles/backupdr.backupvaultAccessor`) Allows the Backup Appliance permissions to create and manage backups in a backup vault.	`backupdr.backupVaults.get` `backupdr.backupVaults.list` `backupdr.bvbackups.delete` `backupdr.bvbackups.get` `backupdr.bvbackups.list` `backupdr.bvbackups.update` `backupdr.bvdataSources.abandonBackup` `backupdr.bvdataSources.fetchAccessToken` `backupdr.bvdataSources.finalizeBackup` `backupdr.bvdataSources.get` `backupdr.bvdataSources.initiateBackup` `backupdr.bvdataSources.list` `backupdr.bvdataSources.remove` `backupdr.bvdataSources.setInternalStatus` `backupdr.bvdataSources.update` `backupdr.operations.*` `backupdr.operations.cancel` `backupdr.operations.delete` `backupdr.operations.get` `backupdr.operations.list`
Backup and DR Backup Vault Admin (`roles/backupdr.backupvaultAdmin`) Allows the Backup Appliance full administrative control of backup vault resources.	`backupdr.backupVaults.` `backupdr.backupVaults.associate` `backupdr.backupVaults.create` `backupdr.backupVaults.delete` `backupdr.backupVaults.get` `backupdr.backupVaults.list` `backupdr.backupVaults.update` `backupdr.bvbackups.delete` `backupdr.bvbackups.get` `backupdr.bvbackups.list` `backupdr.bvbackups.restore` `backupdr.bvbackups.update` `backupdr.bvdataSources.get` `backupdr.bvdataSources.list` `backupdr.bvdataSources.update` `backupdr.compute.restoreFromBackupVault` `backupdr.locations.` `backupdr.locations.get` `backupdr.locations.list` `backupdr.operations.*` `backupdr.operations.cancel` `backupdr.operations.delete` `backupdr.operations.get` `backupdr.operations.list`
Backup and DR Backup Vault Lister (`roles/backupdr.backupvaultLister`) Allows the Backup Appliance permission to list backup vaults in a given project.	`backupdr.backupVaults.list`
Backup and DR Backup Vault Viewer (`roles/backupdr.backupvaultViewer`) Allows read-only permissions to access backup vault resources and backups.	`backupdr.backupVaults.get` `backupdr.backupVaults.list` `backupdr.bvbackups.get` `backupdr.bvbackups.list` `backupdr.bvdataSources.get` `backupdr.bvdataSources.list` `backupdr.operations.get` `backupdr.operations.list`
Backup and DR Cloud SQL Operator ^Beta (`roles/backupdr.cloudSqlOperator`) Allows a Backup and DR service account to discover and backup Cloud SQL instances.	`cloudsql.instances.createBackupDrBackup` `cloudsql.instances.get`
Backup and DR Cloud Storage Operator (`roles/backupdr.cloudStorageOperator`) Allows a Backup and DR service account to store and manage data (backups or metadata) in Cloud Storage.	`storage.buckets.create` `storage.buckets.get` `storage.objects.create` `storage.objects.delete` `storage.objects.get` `storage.objects.list`
Backup and DR Compute Engine Operator (`roles/backupdr.computeEngineOperator`) Allows a Backup and DR service account to discover, back up, and restore Compute Engine VM instances.	`backupdr.managementServers.createConnection` `compute.addresses.list` `compute.addresses.use` `compute.addresses.useInternal` `compute.diskTypes.` `compute.diskTypes.get` `compute.diskTypes.list` `compute.disks.create` `compute.disks.createSnapshot` `compute.disks.delete` `compute.disks.get` `compute.disks.setLabels` `compute.disks.use` `compute.disks.useReadOnly` `compute.firewalls.list` `compute.globalOperations.get` `compute.images.create` `compute.images.delete` `compute.images.get` `compute.images.useReadOnly` `compute.instances.attachDisk` `compute.instances.create` `compute.instances.createTagBinding` `compute.instances.delete` `compute.instances.detachDisk` `compute.instances.get` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.pscInterfaceCreate` `compute.instances.setDeletionProtection` `compute.instances.setLabels` `compute.instances.setMetadata` `compute.instances.setServiceAccount` `compute.instances.setTags` `compute.instances.start` `compute.instances.stop` `compute.instances.updateDisplayDevice` `compute.instances.useReadOnly` `compute.machineTypes.` `compute.machineTypes.get` `compute.machineTypes.list` `compute.networks.list` `compute.nodeGroups.get` `compute.nodeGroups.list` `compute.nodeTemplates.get` `compute.projects.get` `compute.regionOperations.get` `compute.regions.*` `compute.regions.get` `compute.regions.list` `compute.resourcePolicies.use` `compute.snapshots.create` `compute.snapshots.delete` `compute.snapshots.get` `compute.snapshots.setLabels` `compute.snapshots.useReadOnly` `compute.subnetworks.list` `compute.subnetworks.use` `compute.subnetworks.useExternalIp` `compute.zoneOperations.get` `compute.zones.list` `iam.serviceAccounts.actAs` `iam.serviceAccounts.get` `iam.serviceAccounts.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Backup and DR Disk Operator ^Beta (`roles/backupdr.diskOperator`) Allows a Backup and DR service account to store and manage data (backups or metadata) in Disk.	`compute.disks.create` `compute.disks.createSnapshot` `compute.disks.createTagBinding` `compute.disks.get` `compute.disks.list` `compute.disks.setLabels` `compute.disks.useReadOnly` `compute.regionOperations.get` `compute.resourcePolicies.use` `compute.snapshots.setLabels` `compute.snapshots.useReadOnly` `compute.storagePools.use` `compute.zoneOperations.get`
Backup and DR Filestore Operator ^Beta (`roles/backupdr.filestoreOperator`) Allows a Backup and DR service account to discover and backup Filestore instances.	`file.backups.create` `file.instances.get`
Backup and DR Management Server Accessor (`roles/backupdr.managementServerAccessor`) Grants the Backup and DR management server access role to Backup Appliances.	`backupdr.managementServers.createConnection`
Backup and DR Mount User (`roles/backupdr.mountUser`) Allows the user to mount from a backup. This role cannot create a backup plan or restore from a backup.	`backupdr.locations.*` `backupdr.locations.get` `backupdr.locations.list` `backupdr.managementServers.access` `backupdr.managementServers.get` `backupdr.managementServers.getDynamicProtection` `backupdr.managementServers.list` `backupdr.managementServers.listDynamicProtection` `backupdr.managementServers.manageApplications` `backupdr.managementServers.manageClones` `backupdr.managementServers.manageHosts` `backupdr.managementServers.manageLiveClones` `backupdr.managementServers.manageMirroring` `backupdr.managementServers.manageMounts` `backupdr.managementServers.manageWorkflows` `backupdr.managementServers.refreshWorkflows` `backupdr.managementServers.runWorkflows` `backupdr.managementServers.viewBackupPlans` `backupdr.managementServers.viewReports` `backupdr.managementServers.viewStorage` `backupdr.managementServers.viewSystem` `backupdr.managementServers.viewWorkflows` `backupdr.operations.get` `backupdr.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Backup and DR Restore User (`roles/backupdr.restoreUser`) Allows the user to restore or mount from a backup. This role cannot create a backup plan.	`backupdr.backupVaults.get` `backupdr.backupVaults.list` `backupdr.bvbackups.fetchForCloudSqlInstance` `backupdr.bvbackups.fetchForComputeDisk` `backupdr.bvbackups.fetchForComputeInstance` `backupdr.bvbackups.get` `backupdr.bvbackups.list` `backupdr.bvbackups.restore` `backupdr.bvbackups.useReadOnlyForAlloydbCluster` `backupdr.bvbackups.useReadOnlyForCloudSqlInstance` `backupdr.bvbackups.useReadOnlyForFilestoreInstance` `backupdr.bvdataSources.get` `backupdr.bvdataSources.list` `backupdr.bvdataSources.useReadOnlyForAlloydbCluster` `backupdr.bvdataSources.useReadOnlyForCloudSqlInstance` `backupdr.compute.restoreFromBackupVault` `backupdr.dataSourceReferences.` `backupdr.dataSourceReferences.fetchForAlloydbCluster` `backupdr.dataSourceReferences.fetchForCloudSqlInstance` `backupdr.dataSourceReferences.fetchForFilestoreInstance` `backupdr.dataSourceReferences.getForAlloydbCluster` `backupdr.dataSourceReferences.getForCloudSqlInstance` `backupdr.dataSourceReferences.getForFilestoreInstance` `backupdr.dataSourceReferences.list` `backupdr.locations.` `backupdr.locations.get` `backupdr.locations.list` `backupdr.managementServers.access` `backupdr.managementServers.get` `backupdr.managementServers.getDynamicProtection` `backupdr.managementServers.list` `backupdr.managementServers.listDynamicProtection` `backupdr.managementServers.manageApplications` `backupdr.managementServers.manageClones` `backupdr.managementServers.manageHosts` `backupdr.managementServers.manageLiveClones` `backupdr.managementServers.manageMigrations` `backupdr.managementServers.manageMirroring` `backupdr.managementServers.manageMounts` `backupdr.managementServers.manageRestores` `backupdr.managementServers.manageWorkflows` `backupdr.managementServers.refreshWorkflows` `backupdr.managementServers.runWorkflows` `backupdr.managementServers.testFailOvers` `backupdr.managementServers.viewBackupPlans` `backupdr.managementServers.viewReports` `backupdr.managementServers.viewStorage` `backupdr.managementServers.viewSystem` `backupdr.managementServers.viewWorkflows` `backupdr.operations.get` `backupdr.operations.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Backup and DR Service Agent (`roles/backupdr.serviceAgent`) Grants the Backup and DR Service access to protect Compute Engine instances. Warning: Do not grant service agent roles to any principals except service agents.	`alloydb.operations.get` `cloudsql.instances.createBackupDrBackup` `cloudsql.instances.get` `compute.addresses.list` `compute.addresses.use` `compute.addresses.useInternal` `compute.diskTypes.` `compute.diskTypes.get` `compute.diskTypes.list` `compute.disks.create` `compute.disks.createSnapshot` `compute.disks.delete` `compute.disks.get` `compute.disks.list` `compute.disks.setLabels` `compute.disks.use` `compute.disks.useReadOnly` `compute.firewalls.list` `compute.globalOperations.get` `compute.images.create` `compute.images.delete` `compute.images.get` `compute.images.useReadOnly` `compute.instances.attachDisk` `compute.instances.create` `compute.instances.delete` `compute.instances.detachDisk` `compute.instances.get` `compute.instances.list` `compute.instances.setLabels` `compute.instances.setMetadata` `compute.instances.setServiceAccount` `compute.instances.setTags` `compute.instances.start` `compute.instances.stop` `compute.instances.useReadOnly` `compute.machineTypes.` `compute.machineTypes.get` `compute.machineTypes.list` `compute.networks.list` `compute.nodeGroups.get` `compute.nodeGroups.list` `compute.nodeTemplates.get` `compute.projects.get` `compute.regionOperations.get` `compute.regions.*` `compute.regions.get` `compute.regions.list` `compute.snapshots.create` `compute.snapshots.delete` `compute.snapshots.get` `compute.snapshots.setLabels` `compute.snapshots.useReadOnly` `compute.subnetworks.list` `compute.subnetworks.use` `compute.subnetworks.useExternalIp` `compute.zoneOperations.get` `compute.zones.list` `file.backups.create` `file.instances.get` `iam.serviceAccounts.actAs` `iam.serviceAccounts.get` `iam.serviceAccounts.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Backup and DR User (`roles/backupdr.user`) Provides access to management console. Granular Backup and DR permissions depend on ACL configuration provided by Backup and DR admin within the management console.	`backupdr.backupPlanAssociations.createForComputeInstance` `backupdr.backupPlanAssociations.deleteForComputeInstance` `backupdr.backupPlanAssociations.updateForComputeInstance` `backupdr.managementServers.access` `backupdr.managementServers.backupAccess` `backupdr.managementServers.get` `backupdr.managementServers.getDynamicProtection` `backupdr.managementServers.getIamPolicy` `backupdr.managementServers.list` `backupdr.managementServers.listDynamicProtection` `backupdr.managementServers.viewBackupPlans` `backupdr.managementServers.viewBackupServers` `backupdr.managementServers.viewReports` `backupdr.managementServers.viewStorage` `backupdr.managementServers.viewSystem` `backupdr.managementServers.viewWorkflows` `backupdr.operations.get` `backupdr.operations.list` `backupdr.trial.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Backup and DR User V2 (`roles/backupdr.userv2`) Provides full access to Backup and DR resources except deploying and managing backup infrastructure, expiring backups, changing data sensitivity and configuring on-premises billing.	`backupdr.backupPlanAssociations.` `backupdr.backupPlanAssociations.createForAlloydbCluster` `backupdr.backupPlanAssociations.createForCloudSqlInstance` `backupdr.backupPlanAssociations.createForComputeDisk` `backupdr.backupPlanAssociations.createForComputeInstance` `backupdr.backupPlanAssociations.createForFilestoreInstance` `backupdr.backupPlanAssociations.deleteForAlloydbCluster` `backupdr.backupPlanAssociations.deleteForCloudSqlInstance` `backupdr.backupPlanAssociations.deleteForComputeDisk` `backupdr.backupPlanAssociations.deleteForComputeInstance` `backupdr.backupPlanAssociations.deleteForFilestoreInstance` `backupdr.backupPlanAssociations.fetchForAlloydbCluster` `backupdr.backupPlanAssociations.fetchForCloudSqlInstance` `backupdr.backupPlanAssociations.fetchForComputeDisk` `backupdr.backupPlanAssociations.fetchForComputeInstance` `backupdr.backupPlanAssociations.fetchForFilestoreInstance` `backupdr.backupPlanAssociations.getForAlloydbCluster` `backupdr.backupPlanAssociations.getForCloudSqlInstance` `backupdr.backupPlanAssociations.getForComputeDisk` `backupdr.backupPlanAssociations.getForComputeInstance` `backupdr.backupPlanAssociations.getForFilestoreInstance` `backupdr.backupPlanAssociations.list` `backupdr.backupPlanAssociations.triggerBackupForAlloydbCluster` `backupdr.backupPlanAssociations.triggerBackupForCloudSqlInstance` `backupdr.backupPlanAssociations.triggerBackupForComputeDisk` `backupdr.backupPlanAssociations.triggerBackupForComputeInstance` `backupdr.backupPlanAssociations.triggerBackupForFilestoreInstance` `backupdr.backupPlanAssociations.updateForAlloydbCluster` `backupdr.backupPlanAssociations.updateForComputeDisk` `backupdr.backupPlanAssociations.updateForComputeInstance` `backupdr.backupPlanAssociations.updateForFilestoreInstance` `backupdr.backupPlanRevisions.` `backupdr.backupPlanRevisions.get` `backupdr.backupPlanRevisions.list` `backupdr.backupPlans.` `backupdr.backupPlans.create` `backupdr.backupPlans.delete` `backupdr.backupPlans.get` `backupdr.backupPlans.list` `backupdr.backupPlans.update` `backupdr.backupPlans.useForAlloydbCluster` `backupdr.backupPlans.useForCloudSqlInstance` `backupdr.backupPlans.useForComputeDisk` `backupdr.backupPlans.useForComputeInstance` `backupdr.backupPlans.useForFilestoreInstance` `backupdr.backupVaults.associate` `backupdr.backupVaults.get` `backupdr.backupVaults.list` `backupdr.bvbackups.fetchForCloudSqlInstance` `backupdr.bvbackups.fetchForComputeDisk` `backupdr.bvbackups.fetchForComputeInstance` `backupdr.bvbackups.get` `backupdr.bvbackups.list` `backupdr.bvbackups.restore` `backupdr.bvbackups.useReadOnlyForAlloydbCluster` `backupdr.bvbackups.useReadOnlyForCloudSqlInstance` `backupdr.bvbackups.useReadOnlyForFilestoreInstance` `backupdr.bvdataSources.get` `backupdr.bvdataSources.list` `backupdr.bvdataSources.useReadOnlyForAlloydbCluster` `backupdr.bvdataSources.useReadOnlyForCloudSqlInstance` `backupdr.compute.restoreFromBackupVault` `backupdr.dataSourceReferences.` `backupdr.dataSourceReferences.fetchForAlloydbCluster` `backupdr.dataSourceReferences.fetchForCloudSqlInstance` `backupdr.dataSourceReferences.fetchForFilestoreInstance` `backupdr.dataSourceReferences.getForAlloydbCluster` `backupdr.dataSourceReferences.getForCloudSqlInstance` `backupdr.dataSourceReferences.getForFilestoreInstance` `backupdr.dataSourceReferences.list` `backupdr.locations.*` `backupdr.locations.get` `backupdr.locations.list` `backupdr.managementServers.access` `backupdr.managementServers.assignBackupPlans` `backupdr.managementServers.backupAccess` `backupdr.managementServers.createDynamicProtection` `backupdr.managementServers.deleteDynamicProtection` `backupdr.managementServers.get` `backupdr.managementServers.getDynamicProtection` `backupdr.managementServers.getIamPolicy` `backupdr.managementServers.list` `backupdr.managementServers.listDynamicProtection` `backupdr.managementServers.manageApplications` `backupdr.managementServers.manageBackupPlans` `backupdr.managementServers.manageBackups` `backupdr.managementServers.manageClones` `backupdr.managementServers.manageHosts` `backupdr.managementServers.manageJobs` `backupdr.managementServers.manageLiveClones` `backupdr.managementServers.manageMigrations` `backupdr.managementServers.manageMirroring` `backupdr.managementServers.manageMounts` `backupdr.managementServers.manageRestores` `backupdr.managementServers.manageWorkflows` `backupdr.managementServers.refreshWorkflows` `backupdr.managementServers.runWorkflows` `backupdr.managementServers.testFailOvers` `backupdr.managementServers.viewBackupPlans` `backupdr.managementServers.viewBackupServers` `backupdr.managementServers.viewReports` `backupdr.managementServers.viewStorage` `backupdr.managementServers.viewSystem` `backupdr.managementServers.viewWorkflows` `backupdr.operations.get` `backupdr.operations.list` `backupdr.trial.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Backup and DR Viewer (`roles/backupdr.viewer`) Provides read-only access to all Backup and DR resources.	`backupdr.backupPlanAssociations.fetchForAlloydbCluster` `backupdr.backupPlanAssociations.fetchForCloudSqlInstance` `backupdr.backupPlanAssociations.fetchForComputeDisk` `backupdr.backupPlanAssociations.fetchForComputeInstance` `backupdr.backupPlanAssociations.fetchForFilestoreInstance` `backupdr.backupPlanAssociations.getForAlloydbCluster` `backupdr.backupPlanAssociations.getForCloudSqlInstance` `backupdr.backupPlanAssociations.getForComputeDisk` `backupdr.backupPlanAssociations.getForComputeInstance` `backupdr.backupPlanAssociations.getForFilestoreInstance` `backupdr.backupPlanAssociations.list` `backupdr.backupPlanRevisions.` `backupdr.backupPlanRevisions.get` `backupdr.backupPlanRevisions.list` `backupdr.backupPlans.get` `backupdr.backupPlans.list` `backupdr.backupVaults.get` `backupdr.backupVaults.list` `backupdr.bvbackups.fetchForCloudSqlInstance` `backupdr.bvbackups.fetchForComputeDisk` `backupdr.bvbackups.fetchForComputeInstance` `backupdr.bvbackups.get` `backupdr.bvbackups.list` `backupdr.bvdataSources.get` `backupdr.bvdataSources.list` `backupdr.dataSourceReferences.` `backupdr.dataSourceReferences.fetchForAlloydbCluster` `backupdr.dataSourceReferences.fetchForCloudSqlInstance` `backupdr.dataSourceReferences.fetchForFilestoreInstance` `backupdr.dataSourceReferences.getForAlloydbCluster` `backupdr.dataSourceReferences.getForCloudSqlInstance` `backupdr.dataSourceReferences.getForFilestoreInstance` `backupdr.dataSourceReferences.list` `backupdr.locations.*` `backupdr.locations.get` `backupdr.locations.list` `backupdr.managementServers.access` `backupdr.managementServers.backupAccess` `backupdr.managementServers.get` `backupdr.managementServers.getDynamicProtection` `backupdr.managementServers.getIamPolicy` `backupdr.managementServers.list` `backupdr.managementServers.listDynamicProtection` `backupdr.managementServers.viewBackupPlans` `backupdr.managementServers.viewBackupServers` `backupdr.managementServers.viewReports` `backupdr.managementServers.viewStorage` `backupdr.managementServers.viewSystem` `backupdr.managementServers.viewWorkflows` `backupdr.operations.get` `backupdr.operations.list` `backupdr.trial.get` `resourcemanager.projects.get` `resourcemanager.projects.list`

Backup and DR Admin

(roles/backupdr.admin)

Provides full access to all Backup and DR resources.

backupdr.backupPlanAssociations.*

backupdr.backupPlanAssociations.createForAlloydbCluster
backupdr.backupPlanAssociations.createForCloudSqlInstance
backupdr.backupPlanAssociations.createForComputeDisk
backupdr.backupPlanAssociations.createForComputeInstance
backupdr.backupPlanAssociations.createForFilestoreInstance
backupdr.backupPlanAssociations.deleteForAlloydbCluster
backupdr.backupPlanAssociations.deleteForCloudSqlInstance
backupdr.backupPlanAssociations.deleteForComputeDisk
backupdr.backupPlanAssociations.deleteForComputeInstance
backupdr.backupPlanAssociations.deleteForFilestoreInstance
backupdr.backupPlanAssociations.fetchForAlloydbCluster
backupdr.backupPlanAssociations.fetchForCloudSqlInstance
backupdr.backupPlanAssociations.fetchForComputeDisk
backupdr.backupPlanAssociations.fetchForComputeInstance
backupdr.backupPlanAssociations.fetchForFilestoreInstance
backupdr.backupPlanAssociations.getForAlloydbCluster
backupdr.backupPlanAssociations.getForCloudSqlInstance
backupdr.backupPlanAssociations.getForComputeDisk
backupdr.backupPlanAssociations.getForComputeInstance
backupdr.backupPlanAssociations.getForFilestoreInstance
backupdr.backupPlanAssociations.list
backupdr.backupPlanAssociations.triggerBackupForAlloydbCluster
backupdr.backupPlanAssociations.triggerBackupForCloudSqlInstance
backupdr.backupPlanAssociations.triggerBackupForComputeDisk
backupdr.backupPlanAssociations.triggerBackupForComputeInstance
backupdr.backupPlanAssociations.triggerBackupForFilestoreInstance
backupdr.backupPlanAssociations.updateForAlloydbCluster
backupdr.backupPlanAssociations.updateForComputeDisk
backupdr.backupPlanAssociations.updateForComputeInstance
backupdr.backupPlanAssociations.updateForFilestoreInstance

backupdr.backupPlanRevisions.*

backupdr.backupPlanRevisions.get
backupdr.backupPlanRevisions.list

backupdr.backupPlans.*

backupdr.backupPlans.create
backupdr.backupPlans.delete
backupdr.backupPlans.get
backupdr.backupPlans.list
backupdr.backupPlans.update
backupdr.backupPlans.useForAlloydbCluster
backupdr.backupPlans.useForCloudSqlInstance
backupdr.backupPlans.useForComputeDisk
backupdr.backupPlans.useForComputeInstance
backupdr.backupPlans.useForFilestoreInstance

backupdr.backupVaults.*

backupdr.backupVaults.associate
backupdr.backupVaults.create
backupdr.backupVaults.delete
backupdr.backupVaults.get
backupdr.backupVaults.list
backupdr.backupVaults.update

backupdr.bvbackups.*

backupdr.bvbackups.delete
backupdr.bvbackups.fetchForCloudSqlInstance
backupdr.bvbackups.fetchForComputeDisk
backupdr.bvbackups.fetchForComputeInstance
backupdr.bvbackups.get
backupdr.bvbackups.list
backupdr.bvbackups.restore
backupdr.bvbackups.update
backupdr.bvbackups.useReadOnlyForAlloydbCluster
backupdr.bvbackups.useReadOnlyForCloudSqlInstance
backupdr.bvbackups.useReadOnlyForFilestoreInstance

backupdr.bvdataSources.*

backupdr.bvdataSources.abandonBackup
backupdr.bvdataSources.fetchAccessToken
backupdr.bvdataSources.finalizeBackup
backupdr.bvdataSources.get
backupdr.bvdataSources.initiateBackup
backupdr.bvdataSources.list
backupdr.bvdataSources.remove
backupdr.bvdataSources.setInternalStatus
backupdr.bvdataSources.update
backupdr.bvdataSources.useReadOnlyForAlloydbCluster
backupdr.bvdataSources.useReadOnlyForCloudSqlInstance

backupdr.compute.restoreFromBackupVault

backupdr.dataSourceReferences.*

backupdr.dataSourceReferences.fetchForAlloydbCluster
backupdr.dataSourceReferences.fetchForCloudSqlInstance
backupdr.dataSourceReferences.fetchForFilestoreInstance
backupdr.dataSourceReferences.getForAlloydbCluster
backupdr.dataSourceReferences.getForCloudSqlInstance
backupdr.dataSourceReferences.getForFilestoreInstance
backupdr.dataSourceReferences.list

backupdr.locations.*

backupdr.locations.get
backupdr.locations.list

backupdr.managementServers.*

backupdr.managementServers.access
backupdr.managementServers.accessSensitiveData
backupdr.managementServers.assignBackupPlans
backupdr.managementServers.backupAccess
backupdr.managementServers.create
backupdr.managementServers.createConnection
backupdr.managementServers.createDynamicProtection
backupdr.managementServers.delete
backupdr.managementServers.deleteDynamicProtection
backupdr.managementServers.get
backupdr.managementServers.getDynamicProtection
backupdr.managementServers.getIamPolicy
backupdr.managementServers.list
backupdr.managementServers.listDynamicProtection
backupdr.managementServers.manageApplications
backupdr.managementServers.manageBackupPlans
backupdr.managementServers.manageBackupServers
backupdr.managementServers.manageBackups
backupdr.managementServers.manageClones
backupdr.managementServers.manageExpiration
backupdr.managementServers.manageHosts
backupdr.managementServers.manageInternalACL
backupdr.managementServers.manageJobs
backupdr.managementServers.manageLiveClones
backupdr.managementServers.manageMigrations
backupdr.managementServers.manageMirroring
backupdr.managementServers.manageMounts
backupdr.managementServers.manageRestores
backupdr.managementServers.manageSensitiveData
backupdr.managementServers.manageStorage
backupdr.managementServers.manageSystem
backupdr.managementServers.manageWorkflows
backupdr.managementServers.refreshWorkflows
backupdr.managementServers.runWorkflows
backupdr.managementServers.setIamPolicy
backupdr.managementServers.testFailOvers
backupdr.managementServers.viewBackupPlans
backupdr.managementServers.viewBackupServers
backupdr.managementServers.viewReports
backupdr.managementServers.viewStorage
backupdr.managementServers.viewSystem
backupdr.managementServers.viewWorkflows

backupdr.operations.*

backupdr.operations.cancel
backupdr.operations.delete
backupdr.operations.get
backupdr.operations.list

backupdr.serviceConfig.initialize

backupdr.trial.*

backupdr.trial.get
backupdr.trial.subscribe

resourcemanager.projects.get

resourcemanager.projects.list

Backup and DR Backup Config Viewer ^Beta

(roles/backupdr.backupConfigViewer)

Provides read access to resource backup config. Resource backup config has the metadata of a Google Cloud resource that can be backed up, along with its backup configurations.

backupdr.locations.list

backupdr.resourceBackupConfigs.*

backupdr.resourceBackupConfigs.get
backupdr.resourceBackupConfigs.list

Backup and DR Backup User

(roles/backupdr.backupUser)

Allows the user to apply existing backup plans. This role cannot create backup plans or restore from a backup.

backupdr.backupPlanAssociations.*

backupdr.backupPlanAssociations.createForAlloydbCluster
backupdr.backupPlanAssociations.createForCloudSqlInstance
backupdr.backupPlanAssociations.createForComputeDisk
backupdr.backupPlanAssociations.createForComputeInstance
backupdr.backupPlanAssociations.createForFilestoreInstance
backupdr.backupPlanAssociations.deleteForAlloydbCluster
backupdr.backupPlanAssociations.deleteForCloudSqlInstance
backupdr.backupPlanAssociations.deleteForComputeDisk
backupdr.backupPlanAssociations.deleteForComputeInstance
backupdr.backupPlanAssociations.deleteForFilestoreInstance
backupdr.backupPlanAssociations.fetchForAlloydbCluster
backupdr.backupPlanAssociations.fetchForCloudSqlInstance
backupdr.backupPlanAssociations.fetchForComputeDisk
backupdr.backupPlanAssociations.fetchForComputeInstance
backupdr.backupPlanAssociations.fetchForFilestoreInstance
backupdr.backupPlanAssociations.getForAlloydbCluster
backupdr.backupPlanAssociations.getForCloudSqlInstance
backupdr.backupPlanAssociations.getForComputeDisk
backupdr.backupPlanAssociations.getForComputeInstance
backupdr.backupPlanAssociations.getForFilestoreInstance
backupdr.backupPlanAssociations.list
backupdr.backupPlanAssociations.triggerBackupForAlloydbCluster
backupdr.backupPlanAssociations.triggerBackupForCloudSqlInstance
backupdr.backupPlanAssociations.triggerBackupForComputeDisk
backupdr.backupPlanAssociations.triggerBackupForComputeInstance
backupdr.backupPlanAssociations.triggerBackupForFilestoreInstance
backupdr.backupPlanAssociations.updateForAlloydbCluster
backupdr.backupPlanAssociations.updateForComputeDisk
backupdr.backupPlanAssociations.updateForComputeInstance
backupdr.backupPlanAssociations.updateForFilestoreInstance

backupdr.backupPlanRevisions.*

backupdr.backupPlanRevisions.get
backupdr.backupPlanRevisions.list

backupdr.backupPlans.get

backupdr.backupPlans.list

backupdr.backupPlans.useForAlloydbCluster

backupdr.backupPlans.useForCloudSqlInstance

backupdr.backupPlans.useForComputeDisk

backupdr.backupPlans.useForComputeInstance

backupdr.backupPlans.useForFilestoreInstance

backupdr.backupVaults.get

backupdr.backupVaults.list

backupdr.bvbackups.fetchForCloudSqlInstance

backupdr.bvbackups.fetchForComputeDisk

backupdr.bvbackups.fetchForComputeInstance

backupdr.bvbackups.get

backupdr.bvbackups.list

backupdr.bvdataSources.get

backupdr.bvdataSources.list

backupdr.dataSourceReferences.*

backupdr.dataSourceReferences.fetchForAlloydbCluster
backupdr.dataSourceReferences.fetchForCloudSqlInstance
backupdr.dataSourceReferences.fetchForFilestoreInstance
backupdr.dataSourceReferences.getForAlloydbCluster
backupdr.dataSourceReferences.getForCloudSqlInstance
backupdr.dataSourceReferences.getForFilestoreInstance
backupdr.dataSourceReferences.list

backupdr.locations.*

backupdr.locations.get
backupdr.locations.list

backupdr.managementServers.access

backupdr.managementServers.assignBackupPlans

backupdr.managementServers.createDynamicProtection

backupdr.managementServers.deleteDynamicProtection

backupdr.managementServers.get

backupdr.managementServers.getDynamicProtection

backupdr.managementServers.list

backupdr.managementServers.listDynamicProtection

backupdr.managementServers.manageApplications

backupdr.managementServers.manageBackups

backupdr.managementServers.manageHosts

backupdr.managementServers.viewBackupPlans

backupdr.managementServers.viewReports

backupdr.managementServers.viewStorage

backupdr.managementServers.viewSystem

backupdr.operations.get

backupdr.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Backup and DR Backup Vault Accessor

(roles/backupdr.backupvaultAccessor)

Allows the Backup Appliance permissions to create and manage backups in a backup vault.

backupdr.backupVaults.get

backupdr.backupVaults.list

backupdr.bvbackups.delete

backupdr.bvbackups.get

backupdr.bvbackups.list

backupdr.bvbackups.update

backupdr.bvdataSources.abandonBackup

backupdr.bvdataSources.fetchAccessToken

backupdr.bvdataSources.finalizeBackup

backupdr.bvdataSources.get

backupdr.bvdataSources.initiateBackup

backupdr.bvdataSources.list

backupdr.bvdataSources.remove

backupdr.bvdataSources.setInternalStatus

backupdr.bvdataSources.update

backupdr.operations.*

backupdr.operations.cancel
backupdr.operations.delete
backupdr.operations.get
backupdr.operations.list

Backup and DR Backup Vault Admin

(roles/backupdr.backupvaultAdmin)

Allows the Backup Appliance full administrative control of backup vault resources.

backupdr.backupVaults.*

backupdr.backupVaults.associate
backupdr.backupVaults.create
backupdr.backupVaults.delete
backupdr.backupVaults.get
backupdr.backupVaults.list
backupdr.backupVaults.update

backupdr.bvbackups.delete

backupdr.bvbackups.get

backupdr.bvbackups.list

backupdr.bvbackups.restore

backupdr.bvbackups.update

backupdr.bvdataSources.get

backupdr.bvdataSources.list

backupdr.bvdataSources.update

backupdr.compute.restoreFromBackupVault

backupdr.locations.*

backupdr.locations.get
backupdr.locations.list

backupdr.operations.*

backupdr.operations.cancel
backupdr.operations.delete
backupdr.operations.get
backupdr.operations.list

Backup and DR Backup Vault Lister

(roles/backupdr.backupvaultLister)

Allows the Backup Appliance permission to list backup vaults in a given project.

backupdr.backupVaults.list

Backup and DR Backup Vault Viewer

(roles/backupdr.backupvaultViewer)

Allows read-only permissions to access backup vault resources and backups.

backupdr.backupVaults.get

backupdr.backupVaults.list

backupdr.bvbackups.get

backupdr.bvbackups.list

backupdr.bvdataSources.get

backupdr.bvdataSources.list

backupdr.operations.get

backupdr.operations.list

Backup and DR Cloud SQL Operator ^Beta

(roles/backupdr.cloudSqlOperator)

Allows a Backup and DR service account to discover and backup Cloud SQL instances.

cloudsql.instances.createBackupDrBackup

cloudsql.instances.get

Backup and DR Cloud Storage Operator

(roles/backupdr.cloudStorageOperator)

Allows a Backup and DR service account to store and manage data (backups or metadata) in Cloud Storage.

storage.buckets.create

storage.buckets.get

storage.objects.create

storage.objects.delete

storage.objects.get

storage.objects.list

Backup and DR Compute Engine Operator

(roles/backupdr.computeEngineOperator)

Allows a Backup and DR service account to discover, back up, and restore Compute Engine VM instances.

backupdr.managementServers.createConnection

compute.addresses.list

compute.addresses.use

compute.addresses.useInternal

compute.diskTypes.*

compute.diskTypes.get
compute.diskTypes.list

compute.disks.create

compute.disks.createSnapshot

compute.disks.delete

compute.disks.get

compute.disks.setLabels

compute.disks.use

compute.disks.useReadOnly

compute.firewalls.list

compute.globalOperations.get

compute.images.create

compute.images.delete

compute.images.get

compute.images.useReadOnly

compute.instances.attachDisk

compute.instances.create

compute.instances.createTagBinding

compute.instances.delete

compute.instances.detachDisk

compute.instances.get

compute.instances.list

compute.instances.listEffectiveTags

compute.instances.pscInterfaceCreate

compute.instances.setDeletionProtection

compute.instances.setLabels

compute.instances.setMetadata

compute.instances.setServiceAccount

compute.instances.setTags

compute.instances.start

compute.instances.stop

compute.instances.updateDisplayDevice

compute.instances.useReadOnly

compute.machineTypes.*

compute.machineTypes.get
compute.machineTypes.list

compute.networks.list

compute.nodeGroups.get

compute.nodeGroups.list

compute.nodeTemplates.get

compute.projects.get

compute.regionOperations.get

compute.regions.*

compute.regions.get
compute.regions.list

compute.resourcePolicies.use

compute.snapshots.create

compute.snapshots.delete

compute.snapshots.get

compute.snapshots.setLabels

compute.snapshots.useReadOnly

compute.subnetworks.list

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.zoneOperations.get

compute.zones.list

iam.serviceAccounts.actAs

iam.serviceAccounts.get

iam.serviceAccounts.list

resourcemanager.projects.get

resourcemanager.projects.list

Backup and DR Disk Operator ^Beta

(roles/backupdr.diskOperator)

Allows a Backup and DR service account to store and manage data (backups or metadata) in Disk.

compute.disks.create

compute.disks.createSnapshot

compute.disks.createTagBinding

compute.disks.get

compute.disks.list

compute.disks.setLabels

compute.disks.useReadOnly

compute.regionOperations.get

compute.resourcePolicies.use

compute.snapshots.setLabels

compute.snapshots.useReadOnly

compute.storagePools.use

compute.zoneOperations.get

Backup and DR Filestore Operator ^Beta

(roles/backupdr.filestoreOperator)

Allows a Backup and DR service account to discover and backup Filestore instances.

file.backups.create

file.instances.get

Backup and DR Management Server Accessor

(roles/backupdr.managementServerAccessor)

Grants the Backup and DR management server access role to Backup Appliances.

backupdr.managementServers.createConnection

Backup and DR Mount User

(roles/backupdr.mountUser)

Allows the user to mount from a backup. This role cannot create a backup plan or restore from a backup.

backupdr.locations.*

backupdr.locations.get
backupdr.locations.list

backupdr.managementServers.access

backupdr.managementServers.get

backupdr.managementServers.getDynamicProtection

backupdr.managementServers.list

backupdr.managementServers.listDynamicProtection

backupdr.managementServers.manageApplications

backupdr.managementServers.manageClones

backupdr.managementServers.manageHosts

backupdr.managementServers.manageLiveClones

backupdr.managementServers.manageMirroring

backupdr.managementServers.manageMounts

backupdr.managementServers.manageWorkflows

backupdr.managementServers.refreshWorkflows

backupdr.managementServers.runWorkflows

backupdr.managementServers.viewBackupPlans

backupdr.managementServers.viewReports

backupdr.managementServers.viewStorage

backupdr.managementServers.viewSystem

backupdr.managementServers.viewWorkflows

backupdr.operations.get

backupdr.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Backup and DR Restore User

(roles/backupdr.restoreUser)

Allows the user to restore or mount from a backup. This role cannot create a backup plan.

backupdr.backupVaults.get

backupdr.backupVaults.list

backupdr.bvbackups.fetchForCloudSqlInstance

backupdr.bvbackups.fetchForComputeDisk

backupdr.bvbackups.fetchForComputeInstance

backupdr.bvbackups.get

backupdr.bvbackups.list

backupdr.bvbackups.restore

backupdr.bvbackups.useReadOnlyForAlloydbCluster

backupdr.bvbackups.useReadOnlyForCloudSqlInstance

backupdr.bvbackups.useReadOnlyForFilestoreInstance

backupdr.bvdataSources.get

backupdr.bvdataSources.list

backupdr.bvdataSources.useReadOnlyForAlloydbCluster

backupdr.bvdataSources.useReadOnlyForCloudSqlInstance

backupdr.compute.restoreFromBackupVault

backupdr.dataSourceReferences.*

backupdr.dataSourceReferences.fetchForAlloydbCluster
backupdr.dataSourceReferences.fetchForCloudSqlInstance
backupdr.dataSourceReferences.fetchForFilestoreInstance
backupdr.dataSourceReferences.getForAlloydbCluster
backupdr.dataSourceReferences.getForCloudSqlInstance
backupdr.dataSourceReferences.getForFilestoreInstance
backupdr.dataSourceReferences.list

backupdr.locations.*

backupdr.locations.get
backupdr.locations.list

backupdr.managementServers.access

backupdr.managementServers.get

backupdr.managementServers.getDynamicProtection

backupdr.managementServers.list

backupdr.managementServers.listDynamicProtection

backupdr.managementServers.manageApplications

backupdr.managementServers.manageClones

backupdr.managementServers.manageHosts

backupdr.managementServers.manageLiveClones

backupdr.managementServers.manageMigrations

backupdr.managementServers.manageMirroring

backupdr.managementServers.manageMounts

backupdr.managementServers.manageRestores

backupdr.managementServers.manageWorkflows

backupdr.managementServers.refreshWorkflows

backupdr.managementServers.runWorkflows

backupdr.managementServers.testFailOvers

backupdr.managementServers.viewBackupPlans

backupdr.managementServers.viewReports

backupdr.managementServers.viewStorage

backupdr.managementServers.viewSystem

backupdr.managementServers.viewWorkflows

backupdr.operations.get

backupdr.operations.list

resourcemanager.projects.get

resourcemanager.projects.list

Backup and DR Service Agent

(roles/backupdr.serviceAgent)

Grants the Backup and DR Service access to protect Compute Engine instances.

alloydb.operations.get

cloudsql.instances.createBackupDrBackup

cloudsql.instances.get

compute.addresses.list

compute.addresses.use

compute.addresses.useInternal

compute.diskTypes.*

compute.diskTypes.get
compute.diskTypes.list

compute.disks.create

compute.disks.createSnapshot

compute.disks.delete

compute.disks.get

compute.disks.list

compute.disks.setLabels

compute.disks.use

compute.disks.useReadOnly

compute.firewalls.list

compute.globalOperations.get

compute.images.create

compute.images.delete

compute.images.get

compute.images.useReadOnly

compute.instances.attachDisk

compute.instances.create

compute.instances.delete

compute.instances.detachDisk

compute.instances.get

compute.instances.list

compute.instances.setLabels

compute.instances.setMetadata

compute.instances.setServiceAccount

compute.instances.setTags

compute.instances.start

compute.instances.stop

compute.instances.useReadOnly

compute.machineTypes.*

compute.machineTypes.get
compute.machineTypes.list

compute.networks.list

compute.nodeGroups.get

compute.nodeGroups.list

compute.nodeTemplates.get

compute.projects.get

compute.regionOperations.get

compute.regions.*

compute.regions.get
compute.regions.list

compute.snapshots.create

compute.snapshots.delete

compute.snapshots.get

compute.snapshots.setLabels

compute.snapshots.useReadOnly

compute.subnetworks.list

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.zoneOperations.get

compute.zones.list

file.backups.create

file.instances.get

iam.serviceAccounts.actAs

iam.serviceAccounts.get

iam.serviceAccounts.list

resourcemanager.projects.get

resourcemanager.projects.list

Backup and DR User

(roles/backupdr.user)

Provides access to management console. Granular Backup and DR permissions depend on ACL configuration provided by Backup and DR admin within the management console.

backupdr.backupPlanAssociations.createForComputeInstance

backupdr.backupPlanAssociations.deleteForComputeInstance

backupdr.backupPlanAssociations.updateForComputeInstance

backupdr.managementServers.access

backupdr.managementServers.backupAccess

backupdr.managementServers.get

backupdr.managementServers.getDynamicProtection

backupdr.managementServers.getIamPolicy

backupdr.managementServers.list

backupdr.managementServers.listDynamicProtection

backupdr.managementServers.viewBackupPlans

backupdr.managementServers.viewBackupServers

backupdr.managementServers.viewReports

backupdr.managementServers.viewStorage

backupdr.managementServers.viewSystem

backupdr.managementServers.viewWorkflows

backupdr.operations.get

backupdr.operations.list

backupdr.trial.get

resourcemanager.projects.get

resourcemanager.projects.list

Backup and DR User V2

(roles/backupdr.userv2)

Provides full access to Backup and DR resources except deploying and managing backup infrastructure, expiring backups, changing data sensitivity and configuring on-premises billing.

backupdr.backupPlanAssociations.*

backupdr.backupPlanAssociations.createForAlloydbCluster
backupdr.backupPlanAssociations.createForCloudSqlInstance
backupdr.backupPlanAssociations.createForComputeDisk
backupdr.backupPlanAssociations.createForComputeInstance
backupdr.backupPlanAssociations.createForFilestoreInstance
backupdr.backupPlanAssociations.deleteForAlloydbCluster
backupdr.backupPlanAssociations.deleteForCloudSqlInstance
backupdr.backupPlanAssociations.deleteForComputeDisk
backupdr.backupPlanAssociations.deleteForComputeInstance
backupdr.backupPlanAssociations.deleteForFilestoreInstance
backupdr.backupPlanAssociations.fetchForAlloydbCluster
backupdr.backupPlanAssociations.fetchForCloudSqlInstance
backupdr.backupPlanAssociations.fetchForComputeDisk
backupdr.backupPlanAssociations.fetchForComputeInstance
backupdr.backupPlanAssociations.fetchForFilestoreInstance
backupdr.backupPlanAssociations.getForAlloydbCluster
backupdr.backupPlanAssociations.getForCloudSqlInstance
backupdr.backupPlanAssociations.getForComputeDisk
backupdr.backupPlanAssociations.getForComputeInstance
backupdr.backupPlanAssociations.getForFilestoreInstance
backupdr.backupPlanAssociations.list
backupdr.backupPlanAssociations.triggerBackupForAlloydbCluster
backupdr.backupPlanAssociations.triggerBackupForCloudSqlInstance
backupdr.backupPlanAssociations.triggerBackupForComputeDisk
backupdr.backupPlanAssociations.triggerBackupForComputeInstance
backupdr.backupPlanAssociations.triggerBackupForFilestoreInstance
backupdr.backupPlanAssociations.updateForAlloydbCluster
backupdr.backupPlanAssociations.updateForComputeDisk
backupdr.backupPlanAssociations.updateForComputeInstance
backupdr.backupPlanAssociations.updateForFilestoreInstance

backupdr.backupPlanRevisions.*

backupdr.backupPlanRevisions.get
backupdr.backupPlanRevisions.list

backupdr.backupPlans.*

backupdr.backupPlans.create
backupdr.backupPlans.delete
backupdr.backupPlans.get
backupdr.backupPlans.list
backupdr.backupPlans.update
backupdr.backupPlans.useForAlloydbCluster
backupdr.backupPlans.useForCloudSqlInstance
backupdr.backupPlans.useForComputeDisk
backupdr.backupPlans.useForComputeInstance
backupdr.backupPlans.useForFilestoreInstance

backupdr.backupVaults.associate

backupdr.backupVaults.get

backupdr.backupVaults.list

backupdr.bvbackups.fetchForCloudSqlInstance

backupdr.bvbackups.fetchForComputeDisk

backupdr.bvbackups.fetchForComputeInstance

backupdr.bvbackups.get

backupdr.bvbackups.list

backupdr.bvbackups.restore

backupdr.bvbackups.useReadOnlyForAlloydbCluster

backupdr.bvbackups.useReadOnlyForCloudSqlInstance

backupdr.bvbackups.useReadOnlyForFilestoreInstance

backupdr.bvdataSources.get

backupdr.bvdataSources.list

backupdr.bvdataSources.useReadOnlyForAlloydbCluster

backupdr.bvdataSources.useReadOnlyForCloudSqlInstance

backupdr.compute.restoreFromBackupVault

backupdr.dataSourceReferences.*

backupdr.dataSourceReferences.fetchForAlloydbCluster
backupdr.dataSourceReferences.fetchForCloudSqlInstance
backupdr.dataSourceReferences.fetchForFilestoreInstance
backupdr.dataSourceReferences.getForAlloydbCluster
backupdr.dataSourceReferences.getForCloudSqlInstance
backupdr.dataSourceReferences.getForFilestoreInstance
backupdr.dataSourceReferences.list

backupdr.locations.*

backupdr.locations.get
backupdr.locations.list

backupdr.managementServers.access

backupdr.managementServers.assignBackupPlans

backupdr.managementServers.backupAccess

backupdr.managementServers.createDynamicProtection

backupdr.managementServers.deleteDynamicProtection

backupdr.managementServers.get

backupdr.managementServers.getDynamicProtection

backupdr.managementServers.getIamPolicy

backupdr.managementServers.list

backupdr.managementServers.listDynamicProtection

backupdr.managementServers.manageApplications

backupdr.managementServers.manageBackupPlans

backupdr.managementServers.manageBackups

backupdr.managementServers.manageClones

backupdr.managementServers.manageHosts

backupdr.managementServers.manageJobs

backupdr.managementServers.manageLiveClones

backupdr.managementServers.manageMigrations

backupdr.managementServers.manageMirroring

backupdr.managementServers.manageMounts

backupdr.managementServers.manageRestores

backupdr.managementServers.manageWorkflows

backupdr.managementServers.refreshWorkflows

backupdr.managementServers.runWorkflows

backupdr.managementServers.testFailOvers

backupdr.managementServers.viewBackupPlans

backupdr.managementServers.viewBackupServers

backupdr.managementServers.viewReports

backupdr.managementServers.viewStorage

backupdr.managementServers.viewSystem

backupdr.managementServers.viewWorkflows

backupdr.operations.get

backupdr.operations.list

backupdr.trial.get

resourcemanager.projects.get

resourcemanager.projects.list

Backup and DR Viewer

(roles/backupdr.viewer)

Provides read-only access to all Backup and DR resources.

backupdr.backupPlanAssociations.fetchForAlloydbCluster

backupdr.backupPlanAssociations.fetchForCloudSqlInstance

backupdr.backupPlanAssociations.fetchForComputeDisk

backupdr.backupPlanAssociations.fetchForComputeInstance

backupdr.backupPlanAssociations.fetchForFilestoreInstance

backupdr.backupPlanAssociations.getForAlloydbCluster

backupdr.backupPlanAssociations.getForCloudSqlInstance

backupdr.backupPlanAssociations.getForComputeDisk

backupdr.backupPlanAssociations.getForComputeInstance

backupdr.backupPlanAssociations.getForFilestoreInstance

backupdr.backupPlanAssociations.list

backupdr.backupPlanRevisions.*

backupdr.backupPlanRevisions.get
backupdr.backupPlanRevisions.list

backupdr.backupPlans.get

backupdr.backupPlans.list

backupdr.backupVaults.get

backupdr.backupVaults.list

backupdr.bvbackups.fetchForCloudSqlInstance

backupdr.bvbackups.fetchForComputeDisk

backupdr.bvbackups.fetchForComputeInstance

backupdr.bvbackups.get

backupdr.bvbackups.list

backupdr.bvdataSources.get

backupdr.bvdataSources.list

backupdr.dataSourceReferences.*

backupdr.dataSourceReferences.fetchForAlloydbCluster
backupdr.dataSourceReferences.fetchForCloudSqlInstance
backupdr.dataSourceReferences.fetchForFilestoreInstance
backupdr.dataSourceReferences.getForAlloydbCluster
backupdr.dataSourceReferences.getForCloudSqlInstance
backupdr.dataSourceReferences.getForFilestoreInstance
backupdr.dataSourceReferences.list

backupdr.locations.*

backupdr.locations.get
backupdr.locations.list

backupdr.managementServers.access

backupdr.managementServers.backupAccess

backupdr.managementServers.get

backupdr.managementServers.getDynamicProtection

backupdr.managementServers.getIamPolicy

backupdr.managementServers.list

backupdr.managementServers.listDynamicProtection

backupdr.managementServers.viewBackupPlans

backupdr.managementServers.viewBackupServers

backupdr.managementServers.viewReports

backupdr.managementServers.viewStorage

backupdr.managementServers.viewSystem

backupdr.managementServers.viewWorkflows

backupdr.operations.get

backupdr.operations.list

backupdr.trial.get

resourcemanager.projects.get

resourcemanager.projects.list

Funciones básicas

Las funciones básicas son funciones a nivel de proyecto anteriores a IAM. Consulta Funciones básicas para obtener más detalles.

Si bien Backup and DR admite los siguientes roles básicos, debes usar uno de los roles predefinidos siempre que sea posible. Las funciones básicas incluyen permisos amplios que se aplican a todos tus recursos de Google Cloud ; en cambio, las funciones predefinidas de Backup and DR incluyen permisos específicos que se aplican solo a Backup and DR.

Roles de IAM básicos	Descripción
Editor (`roles/editor`)	Proporciona acceso completo a todos los recursos de Backup and DR.
Propietario (`roles/owner`)	Proporciona acceso completo a todos los recursos de Backup and DR.

Permisos de IAM para el servicio Backup and DR

En la siguiente tabla, se enumeran los permisos de IAM asociados con el servicio de Backup and DR. Los permisos de IAM se agrupan en funciones y asignas funciones a usuarios y grupos.

En la siguiente tabla, se incluye la descripción de cada permiso de Backup and DR.

Nombre del permiso	Descripción
backupdr.managementServers.manageClones	Proporciona permisos para crear y administrar clones a partir de copias de seguridad.
backupdr.managementServers.manageLiveClones	Proporciona permisos para crear y administrar LiveClones a partir de copias de seguridad.
backupdr.managementServers.manageMounts	Proporciona permisos para crear y administrar activaciones activas desde copias de seguridad.
backupdr.managementServers.manageRestores	Proporciona los permisos necesarios para restablecer desde copias de seguridad.
backupdr.managementServers.manageBackups	Proporciona permisos para realizar operaciones de copia de seguridad: Copiar ahora.
backupdr.managementServers.viewSystem	Proporciona acceso para ver la configuración del dispositivo de copia de seguridad o recuperación.
backupdr.managementServers.manageSystem	Proporciona permisos para configurar dispositivos de copia de seguridad y recuperación, y el administrador de informes.
backupdr.managementServers.viewStorage	Proporciona acceso para ver las configuraciones de almacenamiento y de grupos de discos.
backupdr.managementServers.manageStorage	Proporciona permisos para agregar, modificar, quitar y ver grupos de almacenamiento y discos.
backupdr.managementServers.viewBackupPlans	Proporciona acceso para ver planes de copias de seguridad, plantillas de copias de seguridad y perfiles de recursos.
backupdr.managementServers.assignBackupPlans	Proporciona permisos para asignar planes de copia de seguridad preconfigurados (plantillas de copia de seguridad y perfiles de recursos) a aplicaciones o cargas de trabajo.
backupdr.managementServers.manageBackupPlans	Proporciona permisos para crear, modificar, borrar, ver y asignar planes de copia de seguridad (plantillas de copia de seguridad y perfiles de recursos).
backupdr.managementServers.testFailOvers	Proporciona permisos para realizar pruebas de conmutación por error y borrar operaciones de prueba de conmutación por error en una copia de seguridad remota de StreamSnap.
backupdr.managementServers.viewWorkflows	Proporciona acceso para ver los flujos de trabajo de Backup and DR que automatizan el acceso a los datos de copia dentro del servicio Backup and DR.
backupdr.managementServers.runWorkflows	Proporciona permisos para ejecutar flujos de trabajo de Backup and DR preconfigurados que automatizan el acceso para copiar datos dentro del servicio de Backup and DR.
backupdr.managementServers.refreshWorkflows	Proporciona permisos para actualizar un clon creado por un flujo de trabajo de copia de seguridad de Backup and DR que automatiza el acceso para copiar datos dentro del servicio Backup and DR.
backupdr.managementServers.manageWorkflows	Proporciona permisos para agregar, modificar, quitar, ejecutar y ver el flujo de trabajo de copia de seguridad de Backup and DR que automatiza el acceso a los datos de copia dentro del servicio Backup and DR.
backupdr.managementServers.manageMirroring	Proporciona permisos para realizar operaciones de conmutación por error, sincronización inversa, limpieza, conmutación por recuperación, prueba de conmutación por error y eliminación de prueba de conmutación por error en una copia de seguridad remota de StreamSnap.
backupdr.managementServers.manageHosts	Proporciona permisos para agregar, modificar, quitar y ver hosts (máquinas físicas y virtuales)
backupdr.managementServers.manageApplications	Proporciona permisos para administrar todos los aspectos de las aplicaciones, incluidos los grupos lógicos y los grupos de coherencia, ejecutar copias de seguridad a pedido y exportar plantillas.
backupdr.managementServers.manageSensitiveData	Proporciona los permisos necesarios para marcar aplicaciones y copias de seguridad como datos sensibles o no sensibles.
backupdr.managementServers.accessSensitiveData	Proporciona acceso a las aplicaciones y las copias de seguridad marcadas como sensibles.
backupdr.managementServers.manageBackupServers	Proporciona los permisos necesarios para ejecutar las APIs del servidor de copias de seguridad a través de la consola de administración.
backupdr.managementServers.manageExpiration	Proporciona los permisos necesarios para que venzan las copias de seguridad.
backupdr.managementServers.access	Proporciona acceso a la consola de administración y a las APIs asociadas.
backupdr.managementServers.onpremUsageUpload	Proporciona acceso a todos los extremos necesarios para subir el uso a un adaptador local.
backupdr.managementServers.viewReports	Proporciona acceso al Administrador de informes para ejecutar informes y ver o descargar los resultados.
backupdr.managementServers.manageJobs	Proporciona permisos para cancelar trabajos y modificar su prioridad.
backupdr.managementServers.manageMigrations	Proporciona permisos para administrar la migración de datos activados como paso final en una operación de clonación o restablecimiento.

Permisos necesarios para usar la CMEK

Para obtener información sobre los permisos necesarios para usar CMEK, consulta Claves de encriptación administradas por el cliente (CMEK).

Controla el acceso al servicio de copia de seguridad y DR con IAM Organiza tus páginas con colecciones Guarda y categoriza el contenido según tus preferencias.

Cómo controla el acceso IAM

Tipos de roles de IAM

Permisos de IAM

Permisos a nivel del proyecto frente a los de nivel del recurso

Roles predefinidos de IAM para el servicio Backup and DR

Backup and DR Admin

Backup and DR Backup Config Viewer Beta

Backup and DR Backup User

Backup and DR Backup Vault Accessor

Backup and DR Backup Vault Admin

Backup and DR Backup Vault Lister

Backup and DR Backup Vault Viewer

Backup and DR Cloud SQL Operator Beta

Backup and DR Cloud Storage Operator

Backup and DR Compute Engine Operator

Backup and DR Disk Operator Beta

Backup and DR Filestore Operator Beta

Backup and DR Management Server Accessor

Backup and DR Mount User

Backup and DR Restore User

Backup and DR Service Agent

Backup and DR User

Backup and DR User V2

Backup and DR Viewer

Funciones básicas

Permisos de IAM para el servicio Backup and DR

Permisos necesarios para usar la CMEK

Controla el acceso al servicio de copia de seguridad y DR con IAM

Backup and DR Backup Config Viewer ^Beta

Backup and DR Cloud SQL Operator ^Beta

Backup and DR Disk Operator ^Beta

Backup and DR Filestore Operator ^Beta