Complete the following steps before creating, scheduling, or restoring backups.
Enable APIs
Enable the Filestore and Backup and DR Service APIs.
Enable Backup and DR Service API
Required roles
To get the permissions that you need to create an enhanced backup, ask your administrator to grant you the following IAM roles on your project:
-
Create and manage backups with Backup and DR Service:
Backup and DR Backup User (
roles/backupdr.backupUser) -
Create and manage Filestore instances:
Cloud Filestore Editor (
roles/file.editor) -
Use Cloud Key Management Service resources for encrypt and decrypt operations only:
Cloud Key Management Service CryptoKey Encrypter/Decrypter (
roles/cloudkms.cryptoKeyEncrypterDecrypter)
For more information about granting roles, see Manage access to projects, folders, and organizations.
These predefined roles contain the permissions required to create an enhanced backup. To see the exact permissions that are required, expand the Required permissions section:
Required permissions
The following permissions are required to create an enhanced backup:
-
backupdr.backupPlans.list -
backupdr.backupPlanAssociations.createForFilestoreInstance -
backupdr.backupPlanAssociations.list -
backupdr.backupPlanAssociations.get -
backupdr.backupPlanAssociations.triggerBackupForFilestoreInstance -
backupdr.backupPlanAssociations.deleteForFilestoreInstance -
backupdr.backupPlans.useForFilestoreInstance -
backupdr.locations.list -
backupdr.operations.get -
cloudasset.assets.searchAllResources
You might also be able to get these permissions with custom roles or other predefined roles.
What's next
- Learn how to create an enhanced backup.
- Learn how to schedule enhanced backups.
- Learn how to restore standard and enhanced backups.