- Notes, cautions, and warnings
- Disclaimer
- Preface
- Introduction
- Authentication
- Component access control
- Login security settings
- Log in to the PowerProtect Data Manager Appliance REST API
- User and credential management
- Authentication types and setup
- Multi-factor authentication
- iDRAC
- Identity providers
- Authentication to external systems
- Authorization
- Log Settings
- Network and Communication Security Settings
- Data Security Settings
- Cryptography
- Security certificates
- External component certificate management
- Security Updates and Patching
- Authenticity and Integrity
- About product authenticity and integrity
- Verification
- Verify the signer or signers for Windows binaries
- Verify the vendor for Linux (RPM-based) packages
- Verify the vendor for Linux (Debian-based) packages
- Verify GPG signatures for Linux (RPM-based) packages
- Verify the signature for JAR files
- Verify SHA-256 checksums in Windows
- Verify SHA-256 checksums in Linux
- Verify SHA-256 checksums in AIX
- Miscellaneous Configuration and Management Elements
- REST API Procedures
- TLS Cipher Suites
- Glossary
PowerProtect Data Manager Appliance 5.15.0.0 Security Configuration Guide for DM5500
Scopes of authority
A scope of authority represents the full association between users, roles, and data: a representation of who may perform what operations, and where. In this way, a scope of authority sets boundaries on user actions.
To define a scope of authority:
- Identify the use cases for which you must control access.
- Review any known limitations and prerequisites which may apply for each asset type. The PowerProtect Data Manager Appliance Release Notes and the user guides for each asset type provide more information.
- For each use case, identify the associated resources, and then create or edit a corresponding resource group. Resources and resource groups provides instructions.
- For each use case, identify the required operations for each user or group.
- Review the list of permissions, and then match each user or group to an appropriate role.
Role-based access control (RBAC) provides more information.
A user or group may require a combination of roles, such as Restore Administrator for some assets and User for others.
- Add or edit the required users and group mappings, and then specify the required roles.
Managing local identity provider users and
External authorization associations provide instructions.
During the role assignment process, select any resource groups to which the specified role or roles should apply.
NOTE:You can only limit the
Backup Administrator,
Restore Administrator, and
User roles to specific resource groups. The
Administrator and
Security Administrator roles have full access to all resources.
With different scopes of authority, you can distinguish between individuals with the same role in different contexts, such as administrators for different departments or projects. Example: protecting and isolating confidential information with scopes of authority provides a practical example.
You can also define scopes of authority to provide designated users with more control over their own data, such as performing self-service restores without administrator intervention. Example: providing self-service restores with scopes of authority provides a practical example.
Scopes of authority restrict users from learning about and accessing resources which belong to someone else. Users can only see and operate on resources which are part of their scope of authority.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\