If you need to restrict access to a Commvault agent running on a Microsoft Azure VM, for security reasons, you can use a customized role-based access control (RBAC) role for Commvault operations and assign it to the VM’s managed identity.
Before You Begin
For the list of permissions required for Commvault operations, download CustomRoleDefinition.json file.
Procedure
-
In the Azure portal, enable Managed Identity for the VM.
-
Use the CustomRoleDefinition.json file to create the role.
-
Verify that the role that you created is available for assignment at the required scopes.
-
On the Azure Resource Group Identity and Access Management (IAM), assign the custom role to the VM’s managed identity.