- Notes, cautions, and warnings
- Preface
- Introduction
- Authentication
- Component access control
- Login security settings
- Authentication types and setup
- Managing identity providers
- Troubleshooting LDAP configuration issues
- User and credential management
- Authentication to external systems
- Authorization
- Log Settings
- Network and Communication Security Settings
- Data Security Settings
- Cryptography
- Security certificates
- Certificate management
- REST API Procedures
PowerProtect Data Manager 19.9 Security Configuration Guide
System-provided roles and associated privileges
A role defines the privileges and permissions that a user has to perform a group of tasks. When a user is assigned a role, you grant the user all of the privileges that are defined by the role.
By using the predefined roles, you can limit access to PowerProtect Data Manager and to backup data by applying the principle of least privilege.
You can assign a user to multiple roles. For example, a user who has both Backup Administrator and Restore Administrator roles but does not have full system administration privileges.
Administrator role
The system Administrator role is responsible for setup, configuration, and all PowerProtect Data Manager management functions. The Administrator role provides systemwide access to all functionality across all organizations. One default Administrator role is assigned at PowerProtect Data Manager deployment and installation. You can add and assign additional Administrator roles to users in your organization who require full access to the system.
User role
The User role is responsible for monitoring the PowerProtect Data Manager Dashboard, Activity Monitor, and Notifications. The User role provides read-only access to monitor activities and operations. Assign the User role to users in your organization who monitor Dashboard activities, Activity Monitor, and Notifications. Users with this role do not require the ability to configure the system or access backup data. Most privileges that are held by this role are read-only.
Security Administrator role
The Security Administrator role is defined for a limited set of users whose manage user accounts and roles, privileges, audit logs, and authentication sources. These functions are separate from the Administrator role. You can assign this role to individuals with security clearances who may not be responsible for day-to-day operations but who clear other users for access.
Backup Administrator role
The Backup Administrator role is responsible for defining, configuring, and completing protection tasks such as backup operations. Individuals with this limited access role do not require the full set of system administrator permissions. These users work with resources that the system administrator has already configured. The Backup Administrator role can backup assets and manage copies at the asset level but cannot back up at the protection policy level.
Restore Administrator role
The Restore Administrator role is responsible for completing restore operations. Individuals with this limited access role do not require the full set of system administrator permissions. These individuals work with backups that exist in protection storage and with resources that the system administrator has already configured.
Role privileges
The following table details the privileges that correspond to each predefined role. Role privilege definitions provides more information about the allowed activities for each privilege.
| Category | Roles | ||||
|---|---|---|---|---|---|
| Privilege | Administrator | User | Security Administrator | Backup Administrator | Restore Administrator |
| Monitoring | |||||
| View Events | Y | Y | N | Y | Y |
| Manage Events | Y | N | N | Y | Y |
| View Historical Data | Y | Y | N | N | N |
| View Task/Activities | Y | Y | N | Y | Y |
| Manage External Notifications | Y | N | N | N | N |
| Security and System Audit | |||||
| View Security/System Audit | Y | Y | Y | N | N |
| Manage Security/System Audit | Y | N | Y | N | N |
| User and Security Management | |||||
| View User Security | Y | Y | Y | N | N |
| Manage User Security | Y | N | Y | N | N |
| Support Assistance and Log Management | |||||
| View Diagnostic Logs | Y | Y | N | N | N |
| Manage Diagnostic Logs | Y | N | N | N | N |
| System Management | |||||
| View System Settings | Y | Y | Y | Y | Y |
| Manage System Settings | Y | N | N | N | N |
| Activity Management | |||||
| Manage Task | Y | N | N | Y | Y |
| Workflow Execution | Y | N | N | N | N |
| Manage Discovery Jobs | Y | N | N | N | N |
| Asset Management | |||||
| View Assets | Y | Y | Y | Y | Y |
| Manage Assets | Y | N | N | Y | N |
| View Asset Sources | Y | Y | N | Y | Y |
| Manage Asset Sources | Y | N | N | N | N |
| View Host | Y | Y | N | Y | Y |
| Manage Host | Y | N | N | N | Y |
| View Protection Engines | Y | Y | N | Y | Y |
| Manage Protection Engines | Y | N | N | N | N |
| View Search Engines | Y | Y | N | Y | Y |
| Manage Search Engines | Y | N | N | N | N |
| Storage Management | |||||
| View Protection Storage Targets | Y | Y | N | Y | Y |
| Manage Protection Storage Targets | Y | N | N | N | N |
| View Storage Array | Y | Y | N | Y | Y |
| Manage Storage Array | Y | N | N | N | N |
| Manage Network | Y | N | N | N | N |
| Protection Policy | |||||
| View Policies | Y | Y | N | Y | N |
| Manage Policies | Y | N | N | N | N |
| Recovery and Reuse Management | |||||
| Rollback to Production | Y | N | N | N | Y |
| Recovery to Alternate Location | Y | N | N | N | Y |
| Export for Reuse | Y | N | N | N | Y |
| SLA Compliance Management | |||||
| View SLA/SLO | Y | N | N | Y | N |
| Manage SLA/SLO | Y | N | N | N | N |
| Copy Management | |||||
| View Copies | Y | N | N | Y | Y |
| Manage Copies | Y | N | N | Y | N |
| View Retention Range | Y | N | N | Y | N |
| Manage Retention Range | Y | N | N | N | N |
| Delete Copies | Y | N | N | N | N |
| All Copies Search | Y | N | N | N | N |
| Resource Group | |||||
| View Resource Groups | Y | N | Y | N | N |
| Manage Resource Groups | Y | N | Y | N | N |
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\