> Essential > Commvault for Managed Service Providers (MSPs) > Backup as a Service (BaaS) > Service Deployment > Fully Managed Service Deployments > Setup for a Tenant Company > Customizing Tenant Permissions for Virtual Machines

Associating Users with Roles (Fully Managed Deployments)

You can associate users or user groups with roles to control the tasks that users can perform in the Command Center.

Considerations

  • For tasks that tenants cannot perform, they can submit service requests to the service provider. For example, incremental backups are performed by default, but a tenant can submit a service request to the service provider to request a full backup.

  • The following tasks might be visible to tenant users, but can only be executed by the service provider:

    • Configure replication

    • Live mount

    • View active mounts

  • If users are allowed to perform out-of-place restores for full VMs, they are effectively creating new VMs in the shared infrastructure. For that reason, use the custom VM Owner role to prevent VM owners from performing out-of-place restores of their VMs.

Tasks That Can Be Performed for Each Role

The following table shows the tasks that users can perform, based on the role assignments for the user.

Task

End Users (default role)

Client Admins (default role)

VM Owner (custom role)

View VM protection history

Yes

Yes

Yes

View performance against VM Service Level Agreement (SLA)

Yes

Yes

Yes

Incremental backup, Suspend, Resume, Kill

Yes

Yes

Yes

View jobs, job details, logs

Yes

Yes

Yes

Restore – Guest files (in place, out of place)

No

Yes

Yes

Restore – full virtual machine (in place)

No

Yes

Yes

Restore – full virtual machine (out of place)

No

Yes

No

Restore – download files (in browser)

No

No

No

Restore – Live mount

No

No

No

View or change service plan (Do not backup)

No

No

No

Configure replication

No

No

No

Assign additional owners, permissions

No

No

No

Before You Begin

Create the following user groups:

  • Tenant Administrators

  • Tenant End Users

  • VM Owners

Procedure

  1. From the navigation pane, go to Manage > Security.

    The Security page appears.

  2. Click the Roles tile.

    The Roles page appears.

  3. Associate the following user groups with the corresponding roles:

    • Associate the Tenant End Users group with the End Users role.

    • Associate the Tenant Administrators group with the Client Admins role.

    • Associate the VM Owners group with the VM Owner role.

  4. To configure each role, perform the following actions:

    1. For the role, click the button in the Actions column and then select Edit.

      The Edit role dialog box appears.

    2. Under Security, click Edit.

    3. Enter the user group name on the left, select the role from the list, and then click Add.

    4. Click Save.

  5. In the Edit role dialog box, click Save.

Creating a User Group

Loading...