V11 SP8

Enabling ACLs (Access Control Lists) during Backups

This page applies to Windows and Macintosh only.

During backups, the metadata information associated with the files is collected, stored in the backup index and is available for search/browse. By default, end-users can browse and search all the data backed up from a common resource like a shared laptop or file server. You can control the end-user access on such common resources by enabling access control on the client data.

When you enable access control on client data, the access control lists (ACLs) for the data are also included in the backup, which in turn, allow users to access only the files and folders for which they have access permissions. Other files and folders for which the user does not have permissions will be filtered and hidden during Find, Browse, Restore, and Erase Data operations.

Remember: This option is only available for users who log in with their Active Directory credentials.

Before You Begin

  • To view the user data, ensure that End User Access permission is configured on the client computer. For instructions, see Configuring End-User Operations on Client Computers.

    Assigning the End User Access permission helps maintain multiple user profiles on the same laptop (or desktop) and ensures that each user has the ability to access only the data for which the user has access permissions.

  • By default, you can access data backed up by the Default subclient on the Web Console. To browse user data backed up by non-default subclients on the Web Console, enable browse for non-default subclients. For instructions, see Enabling Data Browse from Non-Default Subclients.


  1. From the CommCell Browser, expand Client Computers > Client > File System > Backup Set.
  2. Right-click the subclient and click Properties.
  3. Click the Advanced Options tab and select  Catalog ACL (end user access control list).
  4. Click OK.

What To Do Next

After enabling access control, run a full backup on the subclient to include the ACLs in the backup data. Conversely, if you run a differential or incremental backup, only the newer data will include the ACLs.