User Administration and Security for HIPAA


This section describes how the Commvault  software addresses the following HIPAA rules:

  • "Unique user identification", Section 164.312(a)(2)(i))

All users who perform functions within the CommCell Console environment must have a CommCell Console user account (local user) or be a member of a domain (external user) that registers with the CommCell Console environment.

Role-based security is typically used for administrators who need permissions on multiple entities. To use role-based security, you must create a security association between users or user groups, a role, and entities:

  • User: The CommCell user or external user (for example, an Active Directory user) who is given access. The user account contains information about the user and each user name is unique.

  • User Group: User groups are a collection of users that make it easy to control a large number of users. Properties and security associations selected for the user group apply to all of the users in the group.

  • ¬†Permissions: Permissions allow users to perform tasks such as performing backup, restore, and administrative operations (for example, license administration) on entities.

  • Role: A collection of permissions that defines the level of access granted to a user or a user group.

Security associations can be added at the user level, user-group level, or directly on an entity.

For a comprehensive description of the Commvault user administration security, see User Administration and Security Overview.