diff --git a/hassio/addons/validate.py b/hassio/addons/validate.py
index dc5afbbc6..f9335f7c3 100644
--- a/hassio/addons/validate.py
+++ b/hassio/addons/validate.py
@@ -24,7 +24,7 @@ from ..const import (
     PRIVILEGED_NET_ADMIN, PRIVILEGED_SYS_ADMIN, PRIVILEGED_SYS_RAWIO,
     PRIVILEGED_IPC_LOCK, PRIVILEGED_SYS_TIME, PRIVILEGED_SYS_NICE,
     PRIVILEGED_SYS_RESOURCE, PRIVILEGED_SYS_PTRACE, PRIVILEGED_DAC_READ_SEARCH,
-    ROLE_DEFAULT, ROLE_HOMEASSISTANT, ROLE_MANAGER, ROLE_ADMIN)
+    ROLE_DEFAULT, ROLE_HOMEASSISTANT, ROLE_MANAGER, ROLE_ADMIN, ROLE_BACKUP)
 from ..validate import (
     NETWORK_PORT, DOCKER_PORTS, ALSA_DEVICE, UUID_MATCH, SHA256)
 from ..services.validate import DISCOVERY_SERVICES
@@ -85,6 +85,7 @@ PRIVILEGED_ALL = [
 ROLE_ALL = [
     ROLE_DEFAULT,
     ROLE_HOMEASSISTANT,
+    ROLE_BACKUP,
     ROLE_MANAGER,
     ROLE_ADMIN,
 ]
diff --git a/hassio/api/security.py b/hassio/api/security.py
index aeac3f5bd..fe824e588 100644
--- a/hassio/api/security.py
+++ b/hassio/api/security.py
@@ -7,7 +7,7 @@ from aiohttp.web_exceptions import HTTPUnauthorized, HTTPForbidden
 
 from ..const import (
     HEADER_TOKEN, REQUEST_FROM, ROLE_ADMIN, ROLE_DEFAULT, ROLE_HOMEASSISTANT,
-    ROLE_MANAGER)
+    ROLE_MANAGER, ROLE_BACKUP)
 from ..coresys import CoreSysAttributes
 
 _LOGGER = logging.getLogger(__name__)
@@ -53,6 +53,11 @@ ADDONS_ROLE_ACCESS = {
         r"|/homeassistant/.+"
         r")$"
     ),
+    ROLE_BACKUP: re.compile(
+        r"^(?:"
+        r"|/snapshots.*"
+        r")$"
+    ),
     ROLE_MANAGER: re.compile(
         r"^(?:"
         r"|/homeassistant/.+"
diff --git a/hassio/const.py b/hassio/const.py
index 1653497e4..d6b2bb8d0 100644
--- a/hassio/const.py
+++ b/hassio/const.py
@@ -256,5 +256,6 @@ FEATURES_SERVICES = 'services'
 
 ROLE_DEFAULT = 'default'
 ROLE_HOMEASSISTANT = 'homeassistant'
+ROLE_BACKUP = 'backup'
 ROLE_MANAGER = 'manager'
 ROLE_ADMIN = 'admin'