- Notes, cautions, and warnings
- Disclaimer
- Preface
- Introduction
- Authentication
- Component access control
- Login security settings
- Log in to the PowerProtect Data Manager Appliance REST API
- User and credential management
- Authentication types and setup
- Multi-factor authentication
- iDRAC
- Identity providers
- Authentication to external systems
- Authorization
- Log Settings
- Network and Communication Security Settings
- Data Security Settings
- Cryptography
- Security certificates
- External component certificate management
- Security Updates and Patching
- Authenticity and Integrity
- About product authenticity and integrity
- Verification
- Verify the signer or signers for Windows binaries
- Verify the vendor for Linux (RPM-based) packages
- Verify the vendor for Linux (Debian-based) packages
- Verify GPG signatures for Linux (RPM-based) packages
- Verify the signature for JAR files
- Verify SHA-256 checksums in Windows
- Verify SHA-256 checksums in Linux
- Verify SHA-256 checksums in AIX
- Miscellaneous Configuration and Management Elements
- REST API Procedures
- TLS Cipher Suites
- Glossary
PowerProtect Data Manager Appliance 5.15.0.0 Security Configuration Guide for DM5500
System-provided roles and associated privileges
The following sections describe the built-in roles to which you can assign users:
Administrator role
The system Administrator role is responsible for setup, configuration, and all PowerProtect Data Manager Appliance management functions. The Administrator role provides systemwide access to all functionality across all organizations. One default Administrator role is assigned at PowerProtect Data Manager Appliance deployment. You can add and assign additional Administrator roles to users in your organization who require full access to the system.
User role
The User role is responsible for monitoring the PowerProtect Data Manager Appliance Dashboard, Activity Monitor, and Notifications. The User role provides read-only access to monitor activities and operations. Assign the User role to users in your organization who monitor Dashboard activities, Activity Monitor, and Notifications. Users with this role do not require the ability to configure the system or access backup data. Most privileges that are held by this role are read-only.
Security Administrator role
The Security Administrator role is defined for a limited set of users whose manage user accounts and roles, privileges, audit logs, and authentication sources. These functions are separate from the Administrator role. You can assign this role to individuals with security clearances who may not be responsible for day-to-day operations but who clear other users for access.
Backup Administrator role
The Backup Administrator role is responsible for defining, configuring, and completing protection tasks such as backup operations. Individuals with this limited access role do not require the full set of system administrator permissions. These users work with resources that the system administrator has already configured. The Backup Administrator role can backup assets and manage copies at the asset level but cannot back up at the protection policy level.
Restore Administrator role
The Restore Administrator role is responsible for completing restore operations. Individuals with this limited access role do not require the full set of system administrator permissions. These individuals work with backups that exist in protection storage and with resources that the system administrator has already configured.
Backup Restore Administrator role
The Backup Restore Administrator role is responsible for setup, configuration, and executing data management tasks such as copy export, backup operations and recovery operations. The role applies restriction on the Export and Backup operations to a specific set of users to be audited frequently on the ongoing activities. This role is unique and given to a specific individual(s) with specific security clearance only for managing PPDM data copy access and recovery operations and is also responsible for completing restore operations.
Security Officer role
This role is responsible for operations monitoring user that is primarily focused only on the PPDM Dashboard as well as PPDM's Activity Monitor and Notification Center. This is read-only role.
Role privileges
The following table details the privileges that correspond to each predefined role. Role privilege definitions provides more information about the allowed activities for each privilege.
| Category | Roles | ||||||
|---|---|---|---|---|---|---|---|
| Privilege | Administrator | User | Security Administrator | Backup Administrator | Restore Administrator | Backup Restore Administrator | Security Officer |
| Monitoring | |||||||
| View Alerts | Y | Y | N | Y | Y | Y | Y |
| Manage Alerts | Y | N | N | Y | Y | Y | N |
| View Historical Data | Y | Y | N | N | N | N | Y |
| View Activities | Y | Y | N | Y | Y | Y | Y |
| Manage Activities | Y | N | N | Y | Y | Y | N |
| Manage External Notifications | Y | N | N | N | N | N | N |
| Workflow Execution | Y | N | N | N | N | N | N |
| View Protection Activities | Y | Y | N | Y | N | Y | Y |
| View Recovery Activities | Y | Y | N | N | Y | Y | Y |
| View System Activities | Y | Y | N | N | N | N | Y |
| Security and System Audit | |||||||
| View Security/System Audit | Y | Y | Y | N | N | N | Y |
| Manage Security/System Audit | Y | N | Y | N | N | N | N |
| User and Security Management | |||||||
| View User Security | Y | Y | Y | N | N | N | Y |
| Manage User Security | Y | N | Y | N | N | N | N |
| Manage Multi Factor Authentication | Y | N | N | N | N | N | N |
| Manage Security Officer User Security | N | N | N | N | N | N | Y |
| View Security Officer User Security | N | N | N | N | N | N | Y |
| Support Assistance and Log Management | |||||||
| View Diagnostic Logs | Y | Y | N | N | N | N | Y |
| Manage Diagnostic Logs | Y | N | N | N | N | N | N |
| System Management | |||||||
| View System Settings | Y | Y | Y | Y | Y | Y | Y |
| Manage System Settings | Y | N | N | N | N | N | N |
| Asset Management | |||||||
| View Assets | Y | Y | Y | Y | Y | Y | Y |
| Manage Assets | Y | N | N | Y | N | Y | N |
| View Asset Sources | Y | Y | N | Y | Y | Y | Y |
| Manage Asset Sources | Y | N | N | N | N | N | N |
| Manage Discovery Jobs | Y | N | N | N | N | N | N |
| View Host | Y | Y | N | Y | Y | Y | Y |
| Manage Host | Y | N | N | N | Y | Y | N |
| View Protection Engines | Y | Y | N | Y | Y | Y | Y |
| Manage Protection Engines | Y | N | N | N | N | N | N |
| View Search Engines | Y | Y | N | Y | Y | Y | Y |
| Manage Search Engines | Y | N | N | N | N | N | N |
| Manage Application Agents | Y | N | N | Y | N | Y | N |
| View Application Agents | Y | Y | Y | Y | N | Y | N |
| Storage Management | |||||||
| View Protection Storage Targets | Y | Y | N | Y | Y | Y | Y |
| Manage Protection Storage Targets | Y | N | N | N | N | N | N |
| View Storage Array | Y | Y | N | Y | Y | Y | Y |
| Manage Storage Array | Y | N | N | N | N | N | N |
| Manage Network | Y | N | N | N | N | N | N |
| Protection Policy | |||||||
| View Policies | Y | Y | N | Y | N | Y | Y |
| Manage Policies | Y | N | N | N | N | N | N |
| Recovery and Reuse Management | |||||||
| Rollback to Production | Y | N | N | N | Y | Y | N |
| Recovery to Alternate Location | Y | N | N | N | Y | Y | N |
| Export for Reuse | Y | N | N | N | Y | Y | N |
| View Restore Plan | Y | Y | N | N | Y | Y | N |
| Manage Restore Plan | Y | N | N | N | Y | Y | N |
| Execute Restore Plan | Y | N | N | N | Y | Y | N |
| SLA Compliance Management | |||||||
| View SLA/SLO | Y | Y | N | Y | N | Y | Y |
| Manage SLA/SLO | Y | N | N | N | N | N | N |
| Copy Management | |||||||
| View Copies | Y | N | N | Y | Y | Y | N |
| Manage Copies | Y | N | N | Y | N | Y | N |
| View Retention Range | Y | N | N | Y | N | Y | N |
| Manage Retention Range | Y | N | N | N | N | N | N |
| Delete Copies | Y | N | N | N | N | N | N |
| All Copies Search | Y | N | N | N | N | N | N |
| Resource Group | |||||||
| View Resource Groups | Y | Y | Y | N | Y | N | Y |
| Manage Resource Groups | Y | N | Y | N | N | N | N |
| Credential Management | |||||||
| Manage All Credentials | Y | N | N | N | N | N | N |
| Manage Own Credentials | Y | N | N | N | Y | Y | N |
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\