> Essential > Virtualization > Information for All Virtualized Platforms

Security Configuration for Virtualized Platforms

The Command Center has predefined roles that you can use to manage security for users, hypervisors, VM groups, and virtual machines.

Roles

Roles define a set of permissions. By associating roles, user groups, and users with a particular hypervisor, you can control access to the hypervisor and grant permissions to perform actions. By default, the Command Center has the following roles:

  • Master

  • View

  • End Users

  • Compliance

  • Client Admins

  • All Users Laptops

  • Plan Subscription Role

  • Schedule Policy Creator

  • Plan Creator Role

  • Subclient Policy Owner

  • Client Group Creator

  • Tenant Admin

  • Derived Plan Creator Role

  • Data Controller

  • Tenant Access

  • Case Manager User

  • Case Manager Reviewer

  • MSP Subscription (only for MSP administrators managing a multi-tenant environment)

  • Alert Owner

  • VM End User

  • Tenant Operator

Virtualization Requirements

For hypervisors, VM groups, or virtual machines, you can associate users or groups with roles to determine what actions users can perform. You can also assign users or groups as owners who have management permissions for those entities.

You can use predefined roles, modify predefined roles, or create new roles.

In general, the following permissions are required for general administrative users for virtualization:

  • All Alert permissions

  • The following Client permissions are required:

    • Agent Management

      Starting with Commvault 2023E, to view and modify the No. of readers setting and the Transport mode setting for VM groups, this permission is required on the first access node that is configured at the VM group level. If there are no access nodes at the VM group level, then the permission is required on the first access node that is configured at the hypervisor level.

    • Agent Scheduling

    • Install Package/Update

    • Data Protection/Management Operations

    • Browse

    • In Place Recover

    • Out-of-Place Recover

    • In Place Full Machine Recovery

    • Out of Place Full Machine Recovery

    • Overwrite on restore

  • The following Commcell permissions are required:

    • License Management

    • Install Client

  • The following Global permissions are required:

    • Administrative Management

    • Job Management

    • Alert Management

    • View

    • Change security settings

    • Events Organizer

  • All Plan permissions

  • All Schedule Policy permissions

  • All Storage Management permissions

  • All User Management permissions

Loading...