By default, Commvault creates an end-user role with substantial permissions which are not necessary for backup impersonation. So, we recommend you to create a new end-user role and assign the following permissions:
-
Browse
-
End User Access
-
Data Protection/Management Operations
-
Job Management
The end-users must be associated only with their backup set.
Note: Agent Management permission is required to edit the subclient properties. For more information on the available permissions and permitted actions, see User Administration and Security - Permissions and Permitted Actions.