PowerProtect Data Manager Appliance 5.15.0.0 Security Configuration Guide for DM5500

PDF

Role privilege definitions

System-provided roles and associated privileges lists the privileges that PowerProtect Data Manager Appliance associates with each integrated role. For each privilege, the following tables identify the specific tasks which a user with that privilege can perform.

Table 1. Monitoring privilegesMonitoring privileges
Privilege	Task
View Alerts	View alerts and external notifications.
Manage Alerts	Create, publish, cancel, ignore, promote, and demote alerts and external notifications. Acknowledge alerts and add notes to alerts.
View Historical Data	View historical data that relates to plans, arrays, data targets, data sources, and capacity data.
View Activities	View jobs.
Manage Activities	Create, view, edit, and cancel activity resources. Export logs.
Manage External Notifications	Subscribe or unsubscribe a user for alert notifications.
Workflow Execution	Start and cancel workflow execution. View the status of workflow execution.
View Protection Activities	View protection activities. View protection diagnostic logs.
View Recovery Activities	View recovery activities. View recovery diagnostic logs.
View System Activities	View system activities.

Table 2. Security and system audit privilegesSecurity and system audit privileges
Privilege	Task
View Security/System Audit	View security audit–related events and activities.
Manage Security/System Audit	Acknowledge security audit–related events and activities. Export audit/change log of events and activities.

Table 3. Support assistance and log management privileges Support assistance and log management privileges
Privilege	Task
View Diagnostic Logs	View log bundle resources. View log information resources. View the log source resource. View server related logs. View logs.
Manage Diagnostic Logs	View and manage log bundle resources. View and edit the log source resource. Export server related logs. Export logs.

Table 4. User and security management privilegesUser and security management privileges
Privilege	Task
View User Security	View users and roles. View identity providers and AD/LDAP groups. View external host TLS certificates. View allowlists.
Manage User Security	Create, view, edit, and delete users. View roles. Create, view, edit, and delete allowlists. Create, view, edit, and delete external host TLS certificates. Create, view, edit, and delete identity providers. Create, view, edit, and delete user groups.
Manage Multi Factor Authentication	Add and manage MFA configuration. Enable and disable MFA for local users.
Manage Security Officer User Security	Create, view, edit, and delete users with security officer role
View Security Officer User Security	View users with security officer role

Table 5. System management privilegesSystem management privileges
Privilege	Task
View System Settings	View server disaster recovery artifacts. View maintenance mode. View license information. View server disaster recovery status. View SupportAssist information. View node, configuration EULA, operating system user, update package, component, configuration status, configuration logs, time zone, and state resources. View Cyber Recovery configuration.
Manage System Settings	Manage server disaster recovery activities. Manage SupportAssist gateway connection and other telemetry communications. View and edit node state resources. Update license information. View component, configuration status, configuration logs, time zone, and state resources. View and edit node, configuration EULA, operating system user, and lockbox resources. Create, view, edit, and delete update package resources. Manage Cyber Recovery configuration.

Table 6. Asset management privilegesAsset management privileges
Privilege	Task
View Assets	View assets.
Manage Assets	Create, view, edit, and delete assets. Add, view, edit, and delete protection policy assets. Perform manual backups of protected assets.
View Asset Sources	View asset sources.
Manage Asset Sources	Create, view, edit, and delete asset sources.
Manage Discovery Jobs	Create, view, edit, and delete discovery jobs.
View Host	View asset hosts.
Manage Host	Create, view, edit, and delete asset hosts. Add hosts for certain asset sources to perform restore operations.
View Protection Engines	View protection engines.
Manage Protection Engines	Create, view, edit, and delete protection engines.
View Search Engine	View the Search Engine.
Manage Search Engine	Create, view, edit, and delete the Search Engine.
Manage Application Agents	Install and update the agent on an application host.
View Application Agents	View the agent on an application host.

Table 7. Storage management privilegesStorage management privileges
Privilege	Task
View Protection Storage Targets	View storage targets.
Manage Protection Storage Targets	Create, view, edit, and delete storage targets.
View Storage Array	View storage arrays.
Manage Storage Array	Create, view, edit, and delete storage arrays.
Manage Network	Create and assign network interfaces to storage arrays.

Table 8. Protection policy privilegesProtection policy privileges
Privilege	Task
View Policies	View a list of all protection policies. View the storage target of a protection policy. View the accessible assets that are assigned to protection policies. View protection policy schedules. View protection policy network interfaces. View file exclusions. View protection rules. View protection policy-level or objective-level SLAs. View backup retention times. View backup retention locks. Export all protection policies.
Manage Policies	Create, view, edit, and delete protection policies. Disable protection policies. Create, view, edit, and delete protection schedules. Add, view, and edit protection policy storage targets. Add, view, and edit the assets that are protected by a protection policy. Perform manual backups and replication of protected assets. Manage protection rules. Manage file exclusions. Assign network interfaces to protection policies. Assign protection policy-level or objective-level SLAs. Set backup retention times. Set backup retention locks. Export all protection policies. Run asset protection reports.

Table 9. Recovery and reuse management privilegesRecovery and reuse management privileges
Privilege	Task
Rollback to Production	Create, view, edit, and start restore to production operations.
Recovery to Alternate Location	Create, view, edit, and start restore to alternate location operations.
Export for Reuse	Create, view, edit, and start export and reuse operations.
View Restore Plan	View the restore plan.
Manage Restore Plan	Create, view, edit, and delete the restore plan.
Execute Restore Plan	Run the restore plan.

Table 10. SLA compliance management privilegesSLA compliance management privileges
Privilege	Task
View SLA/SLO	View compliance results. View SLA and SLO policy.
Manage SLA/SLO	Export asset compliance results. Create, view, edit, and delete SLA and SLO policy.

Table 11. Copy management privilegesCopy management privileges
Privilege	Task
View Copies	View asset copies and backups.
Manage Copies	Edit asset copy and backup retention. Recall copies from the cloud. Edit asset copy and backup recall retention.
View Retention Range	View retention range.
Manage Retention Range	Manage retention range across all copies and backups.
Delete Copies	Delete copies and backups.
All Copies Search	Manage available copies and backups.

Table 12. Resource group privilegesResource group privileges
Privilege	Task
View Resource Groups	View a list of all resource groups. View resource group details.
Manage Resource Groups	Create, view, edit, and delete resource groups.

Table 13. Credential management privilegesResource group privileges
Privilege	Task
Manage All Credentials	Create, view, edit, delete all credentials
Manage Own Credentials	Create, view, edit, delete own credentials