β Important
This feature has limited availability. To know more about limited availability and sign up for this feature, contact your Account Manager.
You need to attach roles to the NAS proxy (Azure virtual machine) that runs the NAS agent. These roles are essential for executing the Azure APIs required for operations such as listing, reading, and writing to Azure Files.
Once the custom role is attached to the virtual machine, the necessary permissions for the Azure SDK are fetched from the Azure virtual machine instance's metadata service, allowing the NAS agent to start backup and restore operations using the Azure APIs.
Roles and Permissions
The following table provides detailed information about the permissions allowed for roles:
Permission Name | Description |
Microsoft.Storage/storageAccounts/write | Permission to create and read/list storage accounts. |
Microsoft.Storage/storageAccounts/fileServices/shares/read | Permission to manage Azure Files. |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read | Permission to backup and restore Azure Files. |
You must attach the custom role to the virtual machine with the above Azure permissions. For more information, see the prerequisites section.