Using the HYCU R‑Cloud Role for Azure

The Azure Resource Manager (ARM) creates a custom Azure role and assigns it to the HMSP when you add an Azure resource group as a source to R‑Cloud. For details, see Adding an Azure resource group as a source.

Depending on your data protection environment needs, you can add an Azure resource group to R‑Cloud as a source or as compute. For each case, a different set of permissions must be included in the HYCU R‑Cloud Role.

List of included permissions when adding anAzure resource group as a source

Permission	Action
Compute	disks/read disks/beginGetAccess/action disks/delete disks/endGetAccess/action disks/write snapshots/beginGetAccess/action snapshots/delete snapshots/endGetAccess/action snapshots/read snapshots/write virtualMachines/delete virtualMachines/write virtualMachines/read virtualMachines/retrieveBootDiagnosticsData/action virtualMachines/attachDetachDataDisks/action virtualMachines/instanceView/read galleries/images/versions/read
ContainerRegistry	registries/pull/read
Network	networkInterfaces/read networkInterfaces/write networkInterfaces/join/action networkInterfaces/delete networkSecurityGroups/read networkSecurityGroups/join/action publicIPAddresses/delete publicIPAddresses/read publicIPAddresses/write publicIPAddresses/join/action virtualNetworks/read virtualNetworks/write virtualNetworks/subnets/read virtualNetworks/subnets/join/action
Resource	subscriptions/resourcegroups/deployments/read subscriptions/resourcegroups/deployments/write subscriptions/resourcegroups/deployments/operations/read subscriptions/resourcegroups/deployments/operationstatuses/read subscriptions/resourcegroups/resources/read subscriptions/read subscriptions/resourceGroups/read
Security	Microsoft.Security/assessments/read
ServiceBus	Actions: namespaces/queues/read namespaces/queues/Delete namespaces/write namespaces/read namespaces/queues/write Data actions: namespaces/messages/send/action namespaces/messages/receive/action
Storage	Actions: storageAccounts/blobServices/* storageAccounts/blobServices/containers/* storageAccounts/blobServices/generateUserDelegationKey/action storageAccounts/read storageAccounts/write storageAccounts/managementPolicies/read storageAccounts/listkeys/action storageAccounts/delete Data actions: storageAccounts/blobServices/containers/blobs/tags/write storageAccounts/blobServices/containers/blobs/tags/read storageAccounts/blobServices/containers/blobs/*

List of included permissions when adding an Azure resource group as compute

Permission	Action
Compute	virtualMachines/read virtualMachines/write virtualMachines/delete disks/delete
Network	virtualNetworks/read virtualNetworks/subnets/read virtualNetworks/subnets/join/action networkInterfaces/write networkInterfaces/read networkInterfaces/delete networkInterfaces/join/action publicIPAddresses/read publicIPAddresses/write publicIPAddresses/join/action publicIPAddresses/delete
Resource	subscriptions/read subscriptions/resourceGroups/read