A role defines the privileges and permissions that a user has to perform a group of tasks. When a user is assigned a role, you grant the user all of the privileges that are defined by the role.
By using the predefined roles, you can limit access to
PowerProtect Data Manager and to backup data by applying the principle of least privilege.
You can assign a user to multiple roles. For example, a user who has both
Backup Administrator and
Restore Administrator roles but does not have full system administration privileges.
Administrator role
The system
Administrator role is responsible for setup, configuration, and all
PowerProtect Data Manager management functions. The
Administrator role provides systemwide access to all functionality across all organizations. One default
Administrator role is assigned at
PowerProtect Data Manager deployment and installation. You can add and assign additional
Administrator roles to users in your organization who require full access to the system.
User role
The
User role is responsible for monitoring the
PowerProtect Data Manager Dashboard, Activity Monitor, and Notifications. The
User role provides read-only access to monitor activities and operations. Assign the
User role to users in your organization who monitor Dashboard activities, Activity Monitor, and Notifications. Users with this role do not require the ability to configure the system or access backup data. Most privileges that are held by this role are read-only.
Security Administrator role
The
Security Administrator role is defined for a limited set of users whose manage user accounts and roles, privileges, audit logs, and authentication sources. These functions are separate from the
Administrator role. You can assign this role to individuals with security clearances who may not be responsible for day-to-day operations but who clear other users for access.
Backup Administrator role
The
Backup Administrator role is responsible for defining, configuring, and completing protection tasks such as backup operations. Individuals with this limited access role do not require the full set of system administrator permissions. These users work with resources that the system administrator has already configured. The
Backup Administrator role can backup assets and manage copies at the asset level but cannot back up at the protection policy level.
Restore Administrator role
The
Restore Administrator role is responsible for completing restore operations. Individuals with this limited access role do not require the full set of system administrator permissions. These individuals work with backups that exist in
protection storage and with resources that the system administrator has already configured.
Role privileges
The following table details the privileges that correspond to each predefined role.
Role privilege definitions provides more information about the allowed activities for each privilege.
Table 1. Role privilegesRole privileges
Category
Roles
Privilege
Administrator
User
Security Administrator
Backup Administrator
Restore Administrator
Monitoring
View Events
Y
Y
N
Y
Y
Manage Events
Y
N
N
Y
Y
View Historical Data
Y
Y
N
N
N
View Task/Activities
Y
Y
N
Y
Y
Manage External Notifications
Y
N
N
N
N
Security and System Audit
View Security/System Audit
Y
Y
Y
N
N
Manage Security/System Audit
Y
N
Y
N
N
User and Security Management
View User Security
Y
Y
Y
N
N
Manage User Security
Y
N
Y
N
N
Support Assistance and Log Management
View Diagnostic Logs
Y
Y
N
N
N
Manage Diagnostic Logs
Y
N
N
N
N
System Management
View System Settings
Y
Y
Y
Y
Y
Manage System Settings
Y
N
N
N
N
Activity Management
Manage Task
Y
N
N
Y
Y
Workflow Execution
Y
N
N
N
N
Manage Discovery Jobs
Y
N
N
N
N
Asset Management
View Assets
Y
Y
Y
Y
Y
Manage Assets
Y
N
N
Y
N
View Asset Sources
Y
Y
N
Y
Y
Manage Asset Sources
Y
N
N
N
N
View Host
Y
Y
N
Y
Y
Manage Host
Y
N
N
N
Y
View Protection Engines
Y
Y
N
Y
Y
Manage Protection Engines
Y
N
N
N
N
View Search Engines
Y
Y
N
Y
Y
Manage Search Engines
Y
N
N
N
N
Storage Management
View Protection Storage Targets
Y
Y
N
Y
Y
Manage Protection Storage Targets
Y
N
N
N
N
View Storage Array
Y
Y
N
Y
Y
Manage Storage Array
Y
N
N
N
N
Manage Network
Y
N
N
N
N
Protection Policy
View Policies
Y
Y
N
Y
N
Manage Policies
Y
N
N
N
N
Recovery and Reuse Management
Rollback to Production
Y
N
N
N
Y
Recovery to Alternate Location
Y
N
N
N
Y
Export for Reuse
Y
N
N
N
Y
SLA Compliance Management
View SLA/SLO
Y
N
N
Y
N
Manage SLA/SLO
Y
N
N
N
N
Copy Management
View Copies
Y
N
N
Y
Y
Manage Copies
Y
N
N
Y
N
View Retention Range
Y
N
N
Y
N
Manage Retention Range
Y
N
N
N
N
Delete Copies
Y
N
N
N
N
All Copies Search
Y
N
N
N
N
Resource Group
View Resource Groups
Y
N
Y
N
N
Manage Resource Groups
Y
N
Y
N
N
Data is not available for the Topic
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\