Security Configuration for Virtualization

The Command Center has predefined roles that you can use to manage security for users, hypervisors, VM groups, and virtual machines.


Roles define a set of permissions. By associating roles, user groups, and users with a particular hypervisor, you can control access to the hypervisor and grant permissions to perform actions. By default, the Command Center has the following roles:

  • Master

  • View

  • End Users

  • Compliance

  • Client Admins

  • All Users Laptops

  • Plan Subscription Role

  • Schedule Policy Creator

  • Plan Creator Role

  • Subclient Policy Owner

  • Client Group Creator

  • Tenant Admin

  • Derived Plan Creator Role

  • Data Controller

  • Tenant Access

  • Case Manager User

  • Case Manager Reviewer

  • MSP Subscription (only for MSP administrators managing a multi-tenant environment)

  • Alert Owner

  • VM End User

  • Tenant Operator

Virtualization Requirements

For hypervisors, VM groups, or virtual machines, you can associate users or groups with roles to determine what actions users can perform. You can also assign users or groups as owners who have management permissions for those entities.

You can use predefined roles, modify predefined roles, or create new roles.

In general, the following permissions are required for general administrative users for virtualization:

  • All Alert permissions

  • The following Client permissions are required:

    • Agent Management

    • Agent Scheduling

    • Install Package/Update

    • Data Protection/Management Operations

    • Browse

    • In Place Recover

    • Out-of-Place Recover

    • In Place Full Machine Recovery

    • Out of Place Full Machine Recovery

    • Overwrite on restore

  • The following Commcell permissions are required:

    • License Management

    • Install Client

  • The following Global permissions are required:

    • Administrative Management

    • Job Management

    • Alert Management

    • View

    • Change security settings

    • Events Organizer

  • All Plan permissions

  • All Schedule Policy permissions

  • All Storage Management permissions

  • All User Management permissions