Restoring backups
While the SDP maintenance package allows you to define backup jobs, restoring those backups cannot easily be done through a YAML definition. In order to restore backups, you should be assigned the AAD_SDP_Backup_Restore_Contributor group using Azure PIM. Only users in the AAD_SDP_Data_Admins group are eligible for this role.
Azure PIM is a managed service that allows users to create and manage their own profiles and role-based access control. This allows for more granular control over who can restore backups, and also reduces the risk of accidentally restoring data that is not meant to be restored. Additionally, using an Azure PIM role for restores can make it easier to track down and fix any problems that may occur in the restores.
How to restore backups
Go to Azure PIM (with your admin account) and activate the AZ_SDP_Backup_Restore_Contributor role.
Navigate to the Backup API:
Press the Authorize button, select the scope Manage backups for the user, and click Authorize, then Close.
Now choose whether you want to restore the latest backup (from the latest folder) or an archived backup (from the archive folder). Expand either the restore/latest or the restore/archive/{backupId} POST request and click Try it out.
Select either restore/latest or restore/archive/{backupId}
In case of /restore/latest: In the request body, supply the backup name and the destinationPath in the format https://[STORAGE_ACCOUNT].blob.core.windows.net/sdp/path/to/folder. You can look up a backup name by executing a GET on /backup or /backup/{id}. The backup name should also be visible from the maintenance package. Then press Execute.
In case of /restore/archive/{backupId}: Supply a backupId for which to run the restore in the backupId field (you can look up the restore by using a GET request on /backup), supply the name of the backup, and supply the destinationPath in the format https://[STORAGE_ACCOUNT].blob.core.windows.net/sdp/path/to/folder. Then press Execute.
Monitor the status of your restore by executing a GET request on the /restore or /restore/id endpoint.
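Because a restore writes data to whatever destinationPath is supplied, it helps to check that value before pressing Execute. The following is an added example, not part of the SDP Backup API or its tooling: it validates a destinationPath against the format given above and builds the request for either endpoint. The allow-list of storage accounts, the body field name "name" and the sample values are assumptions.

```python
import re
from urllib.parse import quote, urlsplit

# Azure storage account names are 3-24 lowercase letters and digits.
ACCOUNT_RE = re.compile(r"^[a-z0-9]{3,24}$")
BLOB_SUFFIX = ".blob.core.windows.net"
CONTAINER = "sdp"  # container from the destinationPath format on this page


def validate_destination(dest, allowed_accounts):
    """Return dest if it matches the documented format, else raise ValueError."""
    parts = urlsplit(dest)
    if parts.scheme != "https":
        raise ValueError("destinationPath must use https")
    if parts.username or parts.password or parts.port:
        raise ValueError("userinfo or port not allowed in destinationPath")
    host = parts.hostname or ""
    account = host[: -len(BLOB_SUFFIX)]
    if not host.endswith(BLOB_SUFFIX) or not ACCOUNT_RE.match(account):
        raise ValueError("host is not <account>.blob.core.windows.net")
    if account not in allowed_accounts:
        raise ValueError("storage account is not in the allow-list")
    if parts.query or parts.fragment:
        raise ValueError("query string (for example a SAS token) not allowed")
    segments = parts.path.split("/")[1:]
    if len(segments) < 2 or segments[0] != CONTAINER:
        raise ValueError("path must be /sdp/<folder>[/...]")
    if any(s in ("", ".", "..") or "%" in s for s in segments):
        raise ValueError("empty, relative or percent-encoded path segment")
    return f"https://{host}{parts.path}"


def build_restore_request(backup_name, dest, allowed_accounts, backup_id=None):
    """Return (endpoint, body) for restore/latest or restore/archive/{backupId}."""
    if not backup_name:
        raise ValueError("backup name is required")
    endpoint = "restore/latest"
    if backup_id is not None:
        # Encode the id so it cannot add extra path segments to the URL.
        endpoint = f"restore/archive/{quote(str(backup_id), safe='')}"
    # "name" is an assumed field name; "destinationPath" is from the page.
    body = {"name": backup_name,
            "destinationPath": validate_destination(dest, allowed_accounts)}
    return endpoint, body
```

A trailing slash on the destination is rejected as an empty segment, so supply the folder path without one.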