- Notes, cautions, and warnings
- Disclaimer
- Preface
- Introduction
- Authentication
- Component access control
- Login security settings
- Log in to the PowerProtect Data Manager Appliance REST API
- User and credential management
- Authentication types and setup
- Multi-factor authentication
- iDRAC
- Identity providers
- Authentication to external systems
- Authorization
- Log Settings
- Network and Communication Security Settings
- Data Security Settings
- Cryptography
- Security certificates
- External component certificate management
- Security Updates and Patching
- Authenticity and Integrity
- About product authenticity and integrity
- Verification
- Verify the signer or signers for Windows binaries
- Verify the vendor for Linux (RPM-based) packages
- Verify the vendor for Linux (Debian-based) packages
- Verify GPG signatures for Linux (RPM-based) packages
- Verify the signature for JAR files
- Verify SHA-256 checksums in Windows
- Verify SHA-256 checksums in Linux
- Verify SHA-256 checksums in AIX
- Miscellaneous Configuration and Management Elements
- REST API Procedures
- TLS Cipher Suites
- Glossary
PowerProtect Data Manager Appliance 5.15.0.0 Security Configuration Guide for DM5500
Example: protecting and isolating confidential information with scopes of authority
The following example illustrates a practical application for defining scopes of authority through roles and resource groups.
Your environment has the following configuration:
- Three protection storage systems named Finance, Engineering, and HumanResources.
- Three asset sources named Payroll, Prototypes, and Investigations.
- Three users named Gurpreet, Lisa, and Eric, all with the Restore Administrator role.
- Each named user administers the assets for a different department.
Without resource groups, there is no defined scope of authority. All three users can restore from a backup of any asset source, even if those assets belong to another department and the backups contain confidential information.
To ensure information security, you can define three resource groups: FinDeptRG, EngDeptRG, and HRDeptRG. Now you can use these resource groups to create separate scopes of authority for each user:
| Resource group name | Included resources | |
|---|---|---|
| FinDeptRG | Finance | Payroll |
| EngDeptRG | Engineering | Prototypes |
| HRDeptRG | HumanResources | Investigations |
| User | Role | Scope |
|---|---|---|
| Gurpreet | Restore Administrator | FinDeptRG |
| User | All assets | |
| Lisa | Restore Administrator | EngDeptRG |
| User | All assets | |
| Eric | Restore Administrator | HRDeptRG |
| User | All assets |
The three users still share a common role in the same organization. However, the separate scopes prevent a user from acting on resources that belong to another department.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\