- Notes, cautions, and warnings
- Disclaimer
- Preface
- Introduction
- Authentication
- Component access control
- Login security settings
- Log in to the PowerProtect Data Manager Appliance REST API
- User and credential management
- Authentication types and setup
- Multi-factor authentication
- iDRAC
- Identity providers
- Authentication to external systems
- Authorization
- Log Settings
- Network and Communication Security Settings
- Data Security Settings
- Cryptography
- Security certificates
- External component certificate management
- Security Updates and Patching
- Authenticity and Integrity
- About product authenticity and integrity
- Verification
- Verify the signer or signers for Windows binaries
- Verify the vendor for Linux (RPM-based) packages
- Verify the vendor for Linux (Debian-based) packages
- Verify GPG signatures for Linux (RPM-based) packages
- Verify the signature for JAR files
- Verify SHA-256 checksums in Windows
- Verify SHA-256 checksums in Linux
- Verify SHA-256 checksums in AIX
- Miscellaneous Configuration and Management Elements
- REST API Procedures
- TLS Cipher Suites
- Glossary
PowerProtect Data Manager Appliance 5.15.0.0 Security Configuration Guide for DM5500
Example: providing self-service restores with scopes of authority
The following example illustrates a practical application for defining scopes of authority through roles and resource groups.
Your environment has the following configuration:
- Three ordinary users named Gurpreet, Lisa, and Eric.
- Three asset sources named Payroll, Prototypes, and Investigations.
- Each named user owns one of the named asset sources and requires no additional special accesses for daily work.
- These named users do not usually interact with PowerProtect Data Manager Appliance because system administrators manage protection policies and operations.
- These named users would like to restore their own assets from backups without assistance from system administrators.
Before the request, a system administrator would customarily assign the User role to these three users, or no access at all. The User role lacks permission to restore assets from backups.
To enable self-service restores, each user requires the Restore Administrator role. However, without a defined scope of authority, providing this role to all three users would enable access to backups belonging to any user.
To safely grant the request, you can define a resource group for each user and associate only the assets or asset source for that user. Each resource group permits a separate scope of authority in which you can grant that user the Restore Administrator role for those assets alone.
| Resource group name | Included resources |
|---|---|
| GurpreetRG | Payroll |
| LisaRG | Prototypes |
| EricRG | Investigations |
| User | Role | Scope |
|---|---|---|
| Gurpreet | Restore Administrator | GurpreetRG |
| User | GurpreetRG | |
| Lisa | Restore Administrator | LisaRG |
| User | LisaRG | |
| Eric | Restore Administrator | EricRG |
| User | EricRG |
All three users now have access to the PowerProtect Data Manager Appliance UI, where they can perform restore operations on their own data. The separate scopes isolate each user from all others.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\