Least-privilege permissions used by R‑Cloud

To access your data protection environment and perform different tasks such as discovering entities, backing up data, and restoring data, R‑Cloud does the following:

• For AWS: Creates an IAM role for your AWS account with a predefined set of permissions.

  If you want to create a custom role with the least-privilege permissions needed to access your AWS data protection environment, you can use the R‑Cloud role template that contains a predefined set of these permissions. For instructions, see Using a role template for AWS.

• For Azure: Uses a custom role that is created by Azure Resource Manager (ARM). This role is configured as a least-privilege role. For more information about the role and its permissions, see Using the HYCU R‑Cloud Role for Azure.

• For Google Cloud: Uses the permissions that you granted to the Google Account, the Google Service Account, or the HMSA in Google Cloud.

  If you want to create a custom role with the least-privilege permissions needed to access your Google Cloud data protection environment, you can use the R‑Cloud role template that contains a predefined set of these permissions. For instructions, see Using a role template for Google Cloud.