Example: providing self-service restores with scopes of authority
The following example illustrates a practical application for defining scopes of authority through roles and resource groups.
Your environment has the following configuration:
Three ordinary users named
Gurpreet,
Lisa, and
Eric.
Three asset sources named
Payroll,
Prototypes, and
Investigations.
Each named user owns one of the named asset sources and requires no additional special accesses for daily work.
These named users do not usually interact with
PowerProtect Data Manager Appliance because system administrators manage protection policies and operations.
These named users would like to restore their own assets from backups without assistance from system administrators.
Before the request, a system administrator would customarily assign the
User role to these three users, or no access at all. The
User role lacks permission to restore assets from backups.
To enable self-service restores, each user requires the
Restore Administrator role. However, without a defined scope of authority, providing this role to all three users would enable access to backups belonging to any user.
To safely grant the request, you can define a resource group for each user and associate only the assets or asset source for that user. Each resource group permits a separate scope of authority in which you can grant that user the
Restore Administrator role for those assets alone.
Table 1. Resource groupsResource groups
Resource group name
Included resources
GurpreetRG
Payroll
LisaRG
Prototypes
EricRG
Investigations
Table 2. Scopes of authorityScopes of authority
User
Role
Scope
Gurpreet
Restore Administrator
GurpreetRG
User
GurpreetRG
Lisa
Restore Administrator
LisaRG
User
LisaRG
Eric
Restore Administrator
EricRG
User
EricRG
All three users now have access to the
PowerProtect Data Manager Appliance UI, where they can perform restore operations on their own data. The separate scopes isolate each user from all others.
Data is not available for the Topic
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\