Please could you give the list of permissions that are required to backup and restore state in AKS

Question

Please could you give the list of permissions that are required to backup and restore state in AKS

Michael Iles 0

The roles required for AKS backup/restore are documented here: https://learn.microsoft.com/en-us/azure/backup/azure-kubernetes-service-cluster-backup-concept.

We want to define a custom role with a least-privilege set of permissions, so we need to know the list of permissions (and scopes) required to add to the custom role which will allow us to do backup and restore for AKS.

Vinod Pittala 4,175 Reputation points Microsoft External Staff Moderator

2025-06-24T06:11:45.7+00:00

Hi Michael,

We haven't heard back from you regarding the advice Alex provided earlier. Could you please let us know if it was helpful? If you have any questions or encounter any issues, please don't hesitate to reach out. We are committed to resolving your concerns as a priority.

Thanks
Vinod Pittala 4,175 Reputation points Microsoft External Staff Moderator

2025-06-25T02:54:55.2833333+00:00

Hi Michael,

Just want to check if the Alex's answer worked for you or else please let us know if any help needed, we are always here to help whenever you need us.

Thanks

1 answer

Your answer

Vinod Pittala 4,175 Reputation points Microsoft External Staff Moderator

2025-06-24T06:11:45.7+00:00

Hi Michael,

We haven't heard back from you regarding the advice Alex provided earlier. Could you please let us know if it was helpful? If you have any questions or encounter any issues, please don't hesitate to reach out. We are committed to resolving your concerns as a priority.

Thanks
Vinod Pittala 4,175 Reputation points Microsoft External Staff Moderator

2025-06-25T02:54:55.2833333+00:00

Hi Michael,

Just want to check if the Alex's answer worked for you or else please let us know if any help needed, we are always here to help whenever you need us.

Thanks

Answer 1

Hi Michael & thanks for dropping this question, its a super important one when u wanna keep ur aks clusters safe, really...

So....., u gotta focus on these key permissions to make backup and restore work smoothly in aks. first, ur custom role needs 'microsoft.kubernetes/connectedclusters/read' and 'microsoft.kubernetes/connectedclusters/write' – that’s the bread and butter for accessing and modifying cluster stuff. also, don’t forget 'microsoft.resources/subscriptions/resourcegroups/read' so u can see where everything lives. https://learn.microsoft.com/en-us/azure/backup/azure-kubernetes-service-cluster-backup-concept and 'microsoft.backup/backupvaults/backup/action' is a must-have for actually triggering backups.

now, for the general stuff that’s handy no matter what platform u’re on )) check if ur role has just enough permissions to do the job, no more, no less. this ‘least privilege’ thing is golden for security. also, peek at ur audit logs regularly to spot any weirdness. this might help in other tools too, not just azure.

if u’re juggling multiple clusters, double check the scope of ur permissions. u don’t wanna accidentally give access to stuff that’s off limits. worth looking into how ur backup tool handles scopes, even if u switch platforms later.

hope this clears things up,

rgds,

Alex

Share via

Please could you give the list of permissions that are required to backup and restore state in AKS

1 answer

Your answer