This section describes how the Commvault software addresses the following HIPAA rules:
- "Unique user identification", Section 164.312(a)(2)(i))
All users who perform functions within the CommCell Console environment must have a CommCell Console user account (local user) or be a member of a domain (external user) that registers with the CommCell Console environment.
Role-based security is typically used for administrators who need permissions on multiple entities. To use role-based security, you must create a security association between users or user groups, a role, and entities:
-
User: The CommCell user or external user (for example, an Active Directory user) who is given access. The user account contains information about the user and each user name is unique.
-
User Group: User groups are a collection of users that make it easy to control a large number of users. Properties and security associations selected for the user group apply to all of the users in the group.
-
Permissions: Permissions allow users to perform tasks such as performing backup, restore, and administrative operations (for example, license administration) on entities.
-
Role: A collection of permissions that defines the level of access granted to a user or a user group.
Security associations can be added at the user level, user-group level, or directly on an entity.
For a comprehensive description of the Commvault user administration security, see User Administration and Security Overview.