Security Association Overview

Role-based security is typically used for administrators who need permissions on multiple entities. To use role-based security, you must create a security association between users or user groups, a role, and entities:

  • User or user group: The CommCell user or external user (for example, an Active Directory user) who is given access.

  • Role: A collection of permissions that defines the level of access granted to a user or a user group. Permissions allow users to perform tasks such as performing backup, restore, and administrative operations (for example, license administration) on entities.

  • Entity: A logical or physical component, for example, a client or a storage policy, that a user can access based on the user's role.

Security associations can be added at the user level, user-group level, or directly on an entity.

Permissions Required to Create Security Associations

To create security associations, you must have a role that includes the following:



The permission for the type of users in the security association:

  • Add, delete and modify user

  • Add, delete and modify user group

  • Add, delete and modify domain

The users, user groups, or domains included in the security association

Change security settings

The entities included in the security association

The same permissions as in the role you use to create the security association

The entities included in the security association


If User A wants to create a security association by assigning the Client Admins role to User Z on Client 1, then User A must have the following permissions:

  • Add, delete, and modify a user permission on User Z.

  • Change security settings permission on Client 1.

  • All of the permissions included in the Client Admins role on Client 1.

For more information on permissions, see Security Associations.