Security Configuration for Virtualization

The Admin Console has predefined user groups and roles that you can use to manage security for users, hypervisors, VM groups, and virtual machines.

User Groups

By default, the Admin Console has the following user groups:

  • Administrator
  • Backup operator
  • Restore operator
  • View All


Roles define a set of permissions. By associating roles, user groups, and users with a particular hypervisor, you can control access to the hypervisor and grant permissions to perform actions. By default, the Admin Console has the following roles:

  • Administrator_Role
  • Alert Creator
  • Alert Owner
  • All Users Laptops
  • Backup operator_Role
  • Client Admins
  • Compliance
  • End Users
  • Master
  • MSP Subscription: Only for MSP administrators managing a multi-tenant environment.
  • Plan Creator Role
  • Plan Subscription Role
  • Restore operator_Role
  • View

Virtualization Requirements

For hypervisors, VM groups, or virtual machines, you can associate users or groups with roles to determine what actions users can perform. You can also assign users or groups as owners who have management permissions for those entities.

You can use predefined roles, modify predefined roles, or create new roles.

In general, the following permissions are required for general administrative users for virtualization:

  • All Alert permissions
  • The following Client permissions are required:
    • Agent Management
    • Agent Scheduling
    • Install Package/Update
    • Data Protection/Management Operations
    • Browse
    • In Place Recover
    • Out-of-Place Recover
    • In Place Full Machine Recovery
    • Out of Place Full Machine Recovery
    • Overwrite on restore
  • The following Commcell permissions are required:
    • License Management
    • Install Client
  • The following Global permissions are required:
    • Administrative Management
    • Job Management
    • Alert Management
    • View
    • Change security settings
    • Events Organizer
  • All Plan permissions
  • All Schedule Policy permissions
  • All Storage Management permissions
  • All User Management permissions

Note: In a multi-tenant environment, you should also include all Workflow permissions for VSA administrators.

Last modified: 3/28/2019 7:21:44 PM