First published on MSDN on Nov 13, 2018
Consider that you have configured the LTR Backup for your Azure SQL Database and you are not able to view it on the Portal.
Figure 1: LTR configure policies pane
And when you click on available backups you do not see the list of backups.
Figure 2: Available Backups pane
This might be related to a permissions issue on the subscription level. Basically, the LTR Backups are related to the subscription and not the server, so if the server was deleted those LTR backups would still exist as they are associated with the Subscription.
Now to give yourself permission to view and restore the LTR backups, please make sure that you have one of the following permissions on the subscription level:
Please note that you can grant permissions for your users using the PowerShell cmdlets, full tutorial can be found here: I cannot see the Long-Term Retention (LTR) backups
If more granular control is required, you can create custom RBAC roles and assign them in the Subscription scope.
For Get-AzureRmSqlDatabaseLongTermRetentionBackup and Restore-AzureRmSqlDatabase the role needs to have the following permissions:
Microsoft.Sql/locations/longTermRetentionBackups/read Microsoft.Sql/locations/longTermRetentionServers/longTermRetentionBackups/read Microsoft.Sql/locations/longTermRetentionServers/longTermRetentionDatabases/longTermRetentionBackups/read
For Remove-AzureRmSqlDatabaseLongTermRetentionBackup the role needs to have thefollowing permissions:
Microsoft.Sql/locations/longTermRetentionServers/longTermRetentionDatabases/longTermRetentionBackups/delete
Now after you grant the required permissions to view the LTR backups on the Subscription level, you will be able to view them at the Avaiable Backups pane as shown in image 3 below.
Figure 3: Available Backups after granting the required permissions
Consider that you have configured the LTR Backup for your Azure SQL Database and you are not able to view it on the Portal.
Figure 1: LTR configure policies pane
And when you click on available backups you do not see the list of backups.
Figure 2: Available Backups pane
This might be related to a permissions issue on the subscription level. Basically, the LTR Backups are related to the subscription and not the server, so if the server was deleted those LTR backups would still exist as they are associated with the Subscription.
Now to give yourself permission to view and restore the LTR backups, please make sure that you have one of the following permissions on the subscription level:
- Subscription Owner or
- SQL Server Contributor role in Subscription scope or
- SQL Database Contributor role in Subscription scope
Please note that you can grant permissions for your users using the PowerShell cmdlets, full tutorial can be found here: I cannot see the Long-Term Retention (LTR) backups
If more granular control is required, you can create custom RBAC roles and assign them in the Subscription scope.
For Get-AzureRmSqlDatabaseLongTermRetentionBackup and Restore-AzureRmSqlDatabase the role needs to have the following permissions:
Microsoft.Sql/locations/longTermRetentionBackups/read Microsoft.Sql/locations/longTermRetentionServers/longTermRetentionBackups/read Microsoft.Sql/locations/longTermRetentionServers/longTermRetentionDatabases/longTermRetentionBackups/read
For Remove-AzureRmSqlDatabaseLongTermRetentionBackup the role needs to have thefollowing permissions:
Microsoft.Sql/locations/longTermRetentionServers/longTermRetentionDatabases/longTermRetentionBackups/delete
Now after you grant the required permissions to view the LTR backups on the Subscription level, you will be able to view them at the Avaiable Backups pane as shown in image 3 below.
Figure 3: Available Backups after granting the required permissions
Published Mar 14, 2019
Version 1.0
Bashar-MSFT
Microsoft
Microsoft