The following table lists the features with their required permission and their required entity association in the CommCell Console. The Associated CommCell Entities column lists the minimum level of entity association a user or user group needs to perform the function. To see this information sorted by permission and associated CommCell entity, see the Permissions and Permitted Actions.
1-Touch
Task |
Permission |
Associated CommCell Entities |
---|---|---|
1-Touch operations |
Administrative management Browse End User Access Out-of-place Recover In Place Recover Install Package/Update Install Client Agent Management Overwrite on Restore |
Clients and Client Computer Groups where you installed the Windows File System Agent or the Linux File System Agent. |
Data Insights Permissions
You can use the system-generated roles such as Data Controller or Compliance, or you can add the permissions to user-defined roles.
User roles |
Permissions |
Associated CommCell entities |
---|---|---|
Case Manager User |
|
Exchange user mailbox, Journal mailbox, or SMTP clients where the custodian data is backed up |
Case Manager Reviewer |
|
Exchange user mailbox, Journal mailbox, or SMTP clients where the custodian data is backed up |
Compliance Officers |
|
Servers or server groups |
|
|
CommCell |
Data Processor (reviewer) |
No permissions are needed |
Advanced File System iDataAgent Options
On-Demand Data Protection
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Run on-demand data protection jobs |
Data Protection/Management Operations |
Backup set |
Create a new on-demand backup set |
Agent Management |
Restore Data Using a Map File and Restore by Jobs
Task |
Permission |
Associated CommCell Entities |
---|---|---|
If data is being recovered to the same destination as the original data protection operation |
In Place Recovery |
At least subclient level association at the source client |
If data is being recovered to a different destination than the original data protection operation: Source Client |
Out of Place Recovery |
At least backup set/instance association |
If data is being recovered to a different destination than the original data protection operation: Destination Client (same platform as the source Client) |
In Place Recovery |
At least Agent level association |
If data is being recovered to a different destination than the original data protection operation: Destination Client (different platform from the source Client) |
In Place Recovery |
At least Client level association |
Agents
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Modify and perform operations specific to an agent. |
Agent Management |
Agent |
Install an agent on the CommCell. Note: This operation requires this permission only when the Authentication for Agent Installs feature is enabled. |
Install Package/Update, Install Client |
Client |
Alerts
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Create an alert. Note: The user who creates the alert is automatically assigned the Alert Owner role on the new alert. The Alert Owner role includes the following permissions:
|
Create Alert |
CommCell To view custom alerts, you must have Execute permission under custom rules at the CommCell level. |
Add entities to a new alert. Note: Not all alerts require entities. |
Alert Management |
You must have the Alert Management permission on the entities you are adding to the alert. |
Add entities to an existing alert. Note: Not all alerts require entities. |
|
Alert for Edit Alert Associations or Edit Alert You must have the Alert Management permission on the entities you are adding to the alert. |
Add notification recipients to a new alert. |
Create Alert |
CommCell |
Add notification recipients to an existing alert. |
Add/Remove Recipients or Edit Alert |
Alert |
Modify an alert. Note: For the permissions and the entities needed to modify the security associations on an alert, see the "Security Associations" section on this page. |
Edit Alert |
Alert |
View an alert. |
Any of the alert permissions |
Alert |
Delete an alert. |
Delete Alert |
Alert |
Modify or delete an alert on a schedule or schedule policy. |
See the "Scheduling" and "Schedule Policy" sections on this page. |
|
Create alert rules. |
|
CommCell |
Use alert rules to create alerts. |
Alternate Data Paths (GridStor)
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Configure a storage policy copy for alternate data paths, and delete data paths from the copy. |
Storage Policy Management |
Storage Policy |
App Studio
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Access an application that was created in the App Studio. |
Access Application |
Any Custom Application |
Change the schema of an application that was created in the App Studio. |
Change Application Schema |
Any Custom Application |
Create a custom application in the App Studio. |
Create Application |
Any Custom Application |
Access records in a table that is in an application in the App Studio. |
Access Records |
Table in a custom application |
Change the schema for a table in an application in the App Studio. |
Change Table Schema |
Table in a custom application |
Create a table in an application in the App Studio. |
Create Table |
Table in a custom application |
Application-Free Restore
This operation includes the following.
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Restore databases directly to a disk from the CommCell Console without the use of the database application. |
Out of Place Recover (Source Client) Browse (Destination Client) In Place Recover (Destination Client) |
The Out of Place Recover permission at the backup set or instance at the source client and The Browse and In Place Recover permissions at the agent level of the destination client |
Archive
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Configure and perform archive operations. |
Data Protection/Management Operations |
Archive Set, Instance, Subclient |
Configure offline archive options in Outlook Add-In. |
Local administrative privileges are required by users logged into the Outlook Add-In client. |
N/A |
Audit Trail
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Track the operations of users who have access to the CommCell and set or modify the Audit Trail settings. |
Administrative Management |
CommCell |
Automatic Updates/Upgrade
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Configure, download, and install software upgrades. |
Administrative Management |
CommCell |
Install Package/Update |
Client |
|
Install Client |
CommCell |
Auxiliary Copy
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Run an auxiliary copy operation. |
Administrative Management |
CommCell |
Run an auxiliary copy operation for a storage policy. |
Storage Policy Management |
Storage Policy |
Backup Copy
Task |
Permission |
Associated CommCell Entities |
---|---|---|
|
Data Protection/Management Operations Storage Policy Management |
Client/Subclient Storage Policy |
Backup Set
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Create a backup set. |
Agent Management |
Agent |
Modify and delete a backup set. |
Backup Set |
Blackout Window
Operation rules for a blackout window can be defined at the following CommCell levels.
Task |
Permission |
Associated CommCell Entities |
---|---|---|
CommCell |
Administrative Management |
CommCell |
Client Computer Group |
Administrative Management |
Client Computer Group |
Client |
Agent Management |
Client |
Agent |
Agent Management |
Agent |
Subclient |
Agent Management |
Subclient |
Browse
Perform a browse operation at the following CommCell levels.
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Client |
Browse Note: Users with the Browse permission can browse all of the data. |
Client |
Agent |
Agent |
|
Backup Set |
Backup Set |
|
Instance/Partition |
Instance/Partition |
|
Replication Set |
Replication Set |
|
Subclient |
Subclient |
Browse Recoveries and Find Recoveries from Windows File System
Description |
Permission |
Associated CommCell Entities |
---|---|---|
You can perform ACL-based browse and restore for the Windows File System. |
End User Access Note: Users with End User permissions can browse data owned by them. Assigning End User Access permission helps to maintain multiple user profiles on the same laptop (or desktop) and ensures that users have the ability to browse and restore only the data to which they have access. |
CommCell |
Case Manager
User |
Permission |
Associated CommCell Entities |
---|---|---|
Case Manager users or user groups |
|
Client group with the following entities:
|
Client
Perform the following functions for a client.
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Register a client from the client level |
Install Client |
CommCell |
|
Agent Management The Storage Policy Management permission is also required for the following tasks:
|
Client, Client Computer Group |
Retire a client |
Delete client |
CommCell, Client Computer Group, Client |
Client Computer Group
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Create a client computer group. Note: The user who creates the client computer group is automatically assigned the Client Group Creator role on the new client computer group. The Client Group Creator role includes the following permissions:
|
Create Client Group |
CommCell |
Modify client computer group properties |
Agent Management |
Client Computer Group |
Set Activity Control from the client computer group level |
Agent Management (CommCell Console), Agent Management or Job Management (Command Center) |
Client Computer Group |
Delete client groups |
Delete Client Group, Administrative Management, and Agent Management |
Client Computer Group |
Add clients to or remove clients from a client computer group when associations are listed on the Security tab in the Client Group dialog box |
|
|
Add clients to or remove clients from a client computer group when no associations are listed on the Security tab in the Client Group dialog box |
|
|
Modify smart client computer group rules (automatic associations) |
Change Client Associations, Administrative Management and Agent Management |
Client Computer Group |
Modify owner of smart client group |
Agent Management and Change Client Associations |
Client Computer Group |
Content Indexing and Search
Task |
Permission |
Associated CommCell Entities |
---|---|---|
|
Administrative Management |
CommCell |
Access the Search Admin page |
Administrative Management |
Web Server Client |
Add or modify comments to discovered items |
Annotation Management |
CommCell/Client group/Client/Agent/Backup Set |
|
Compliance Search |
CommCell/Client group/Client/Agent/Backup Set |
Search data that has been content indexed on the associated entities that are owned by the user. |
End User Access |
CommCell/Client group/Client/Agent/Backup Set |
|
Legal Hold Management |
CommCell/Client group/Client/Agent/Backup Set |
|
Tag Management |
CommCell/Client group/Client/Agent/Backup Set |
Share a review set with a user in a different user group |
View |
The user group entity of the shared user |
Control Panel
Add or modify the parameters available in the Control Panel.
Task |
Permission |
Associated CommCell Entities |
---|---|---|
License Administration |
License Management |
CommCell |
All parameters |
Administrative Management |
CommCell |
CommCell Migration
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Migrate clients from one CommCell to another |
Administrative Management |
CommCell |
CommServe
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Modify CommServe properties. |
Administrative Management |
CommCell |
Custom Calendar
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Define custom calendars to suit the needs of your organization |
Administrative Management |
CommCell |
Data Aging
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Run a data aging operation |
Administrative Management |
CommCell |
Data Collection
Perform Data Collection operations at the following CommCell Levels.
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Agent |
Agent Management |
Agent |
Subclient |
Agent Scheduling |
Subclient |
Data Compression
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Enable software compression for the Agent |
Agent Management |
Agent |
Enable hardware compression for a data path from a storage policy copy to which the data path is associated |
Storage Policy Management |
Storage Policy |
Data Cube
Perform the following functions in Data Cube using APIs.
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Add data sources in Data Cube using API. |
Data Connector |
Index Server pseudo-client (under Client Computer Groups > Index Server Group) |
Applies To: File System Data Source Paths on the access node used for the data source. |
|
Access node client |
Applies To: File System Data Source UNC paths and paths on the access node used for the data source. |
|
Access node client |
Install Client |
CommCell |
|
View data sources that are shared with the user. |
The user with whom the data source is shared must be able to access the Web Console. No additional permissions are required. |
n/a |
Create reports from data sources in Data Cube. |
Add Report |
CommCell |
Data Encryption
Set Data Encryption at the following CommCell Levels.
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Client |
Agent Management |
Client |
Subclient |
Agent |
Data Interface Pairs
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Configure data interface pairs |
Administrative Management |
CommCell |
Data Multiplexing
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Configure a copy for Data Multiplexing |
Storage Policy Management |
Storage Policy |
Data Protection
Note: The associated object is the object from which the data protection operation is being initiated.
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Configure and perform the following data protection operations:
|
Data Protection/Management Operations |
Backup Set/Archive Set, Instance/Partition, Subclient |
Data Verification
Perform the following data verification functions.
Task |
Permission |
Associated CommCell Entities |
---|---|---|
|
Storage Policy Management |
Storage Policy |
Database Space Check Interval
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Set the Database Space Check Interval |
Administrative Management |
CommCell |
Deconfigure
Deconfigure the following CommCell Objects.
Task |
Permission |
Associated CommCell Entities |
---|---|---|
MediaAgent |
MediaAgent Management |
CommCell |
Client |
Agent Management |
Client |
Agent |
Agent |
Note
The Deconfigure operation requires the Install Package/Update and Install Client permissions only when the Authentication for Agent Installs feature is enabled.
Deployment
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Install new client Interactive Install when the CommServe Authentication is available Remote Install / Silent Install |
Install Package/Update, Install Client Note: Administrative Management permission is required when installing, registering, and uninstalling DB packages. |
Client, CommCell |
Install Agent on existing client |
||
Register a Client |
||
Uninstall and repair software using the CommCell Console |
Disaster Recovery Backup
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Configure and perform Disaster Recovery Backups |
Administrative Management |
CommCell |
Delete Backup and Archive Data
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Configure and perform a Delete Backup or Archive Data using the CommCell Console. |
Administrative Management |
CommCell |
Erase Backup/Archived Data from the DataArchiver Outlook Add-In
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Perform the following Erase Data operations from the DataArchiver Outlook Add-In:
|
End User Access, Administrative Management |
CommCell |
Event Viewer
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Set the maximum number of events to be retained in the Event Viewer. |
No rights are required. |
No rights are required. |
Filters
Perform the following filters functions.
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Create Global Filters. |
Administrative Management |
CommCell |
|
Agent Management |
Subclient |
Enable CSVDE filtering for discovery operations. |
Agent Management |
Agent |
Hardware Maintenance
Modify the following hardware maintenance settings.
Task |
Permission |
Associated CommCell Entities |
---|---|---|
|
Administrative Management |
CommCell |
HyperScale
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Configure and manage HyperScale Storage Pool |
Create Storage policy MediaAgent Management |
Associated HyperScale MediaAgents |
In Place Recover
Browse and recover to the same place as the original data protection operation. These operations include the following.
Task |
Permission |
Associated CommCell Entities |
---|---|---|
|
In Place Recover Note This operation also requires the Browse permission. Note for File System Agents: To overwrite files during a restore to the same location, the Overwrite on Restore permission is required. |
Client/Agent/Backup Set/Instance/Partition/Replication Set |
Index Cache
See the "MediaAgent" section on this page.
Instance/Partition
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Create, modify, and delete an instance/partition. |
Agent Management |
Instance/Partition |
Job Management
Note: When performing an action on multiple jobs in the Job Controller, the correct permission and object association for all of the selected jobs are necessary. If a user is missing the correct permission, the group action cannot be performed on any of the jobs. The user who initiated a job can perform Job Controller functions for that job regardless of permission or object association.
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Perform the following Job Management configuration functions:
|
Administrative Management |
CommCell |
Perform the following Job Controller functions:
|
Job Management |
CommCell |
Suspend, resume, and kill selected jobs and groups of jobs. |
Job Management |
Entity the job is associated with |
Expert Storage Configuration
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Configure and de-configure libraries and drives. |
Administrative Management |
MediaAgent |
|
MediaAgent Management To enable these tasks or operations, go to Control Panel > Media Management, and on the Service Configuration tab, set Provide user with MediaAgent management rights additional capabilities for libraries, data paths, and storage policies to 1. |
MediaAgent |
Export media or schedule export media. Note: Users who are not a member of the View All user group would not be able to view/browse the export locations. However, they can manually enter the export location and successfully complete the export operation.
|
Library Administration |
Library / Client Computer Group |
Export media or schedule export media. Note: Users who are not a member of the View All user group would not be able to view/browse the export locations. However, they can manually enter the export location and successfully complete the export operation.
|
Library Management Library Management is a superior permission with critical library management rights, in addition to all the rights in Library Administration permission. |
Library / Client Computer Group |
License
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Add and update a license. |
License Management and Administrative Management |
CommCell |
List Media
View the list of media required for browse/data recovery operations.
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Client |
Browse |
Client |
Agent |
Agent |
|
Backup Set |
Backup Set |
|
Instance/Partition |
Instance/Partition |
|
Subclient |
Subclient |
Log Files
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Send and view log files. |
Agent Management or Collect Diagnostics |
Client |
MediaAgent
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Modify MediaAgent properties including the Index Cache, and perform MediaAgent operations. |
MediaAgent Management |
MediaAgent / Client Computer Group |
Monitoring Policy
The permissions apply to log monitoring and system monitoring policies unless otherwise noted.
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Create a monitoring policy. |
No rights are required. Note: The user creating the monitoring policy must have the Administrative Management or Agent Management permission on the client or client group that contains the logs to be monitored. |
N/A |
|
Delete Monitoring Policy |
Monitoring Policy |
Execute or run a monitoring policy. |
Execute Monitoring Policy |
Monitoring Policy |
Edit a monitoring policy. |
Edit Monitoring Policy Note: The user creating the monitoring policy must have the Administrative Management or Agent Management permission on the client or client group that contains the logs to be monitored. |
Monitoring Policy |
View a monitoring policy. |
View |
Monitoring Policy |
Name Change
Task |
Permission |
Associated CommCell Entities |
---|---|---|
CommServe name change |
Administrative Management |
CommCell |
Client name change |
Administrative Management |
CommCell |
MediaAgent name change |
Media Management |
MediaAgent / Client Computer Group |
NAS Client Configuration
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Create NAS clients |
Install Client |
CommCell |
Out of Place Recover
Browse and recover to a different place than the original data protection operation. These operations include the following.
Task |
Permission |
Associated CommCell Entities |
---|---|---|
|
Out of Place Recover (Source Client) In Place Recover (Destination Client) |
At least Backup Set or Instance/Partition at the source client/Replication Set and The In Place Recovery permission at the agent level of the destination client. If the destination client is on a different platform than the source client (for example, a Unix File System client and a Windows File System client), then In Place Recovery with at least client level association at the destination client is needed. |
Plans
Task |
Permission |
Associated CommCell entities |
---|---|---|
Create a plan |
Create Plan |
CommCell |
Edit a plan |
Edit Plan |
The entity that uses the plan |
Delete a plan |
Delete Plan |
The entity that uses the plan |
Add a plan to or remove a plan from an entity |
Use Plan |
The entity that uses the plan |
Pre-processes and Post-processes
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Configure |
Agent Management |
Agent |
Add pre-processes and post-processes for data recovery operations |
Agent Management and the In Place or Out of Place Recover permission |
Agent |
Remove a pre-processes and post-processes for data protection/archive operations |
Agent Management and Data Protection/Management Operations |
Agent |
Configure pre-processes and post-processes for Disaster Recovery Backup operations |
Administrative Management |
CommCell |
Run subclient pre-process commands and post-process commands using a local system account. |
Run Command with System Account |
Subclient |
Run subclient pre-process and post-commands using an impersonated user. |
Run Command with User Account |
Subclient |
Recovery Point
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Schedule the creation and back up of a Recovery Point. |
Agent Scheduling |
Replication Set |
|
Data Protection/Management Operations |
Reports
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Add a data source for reports that were downloaded from the Commvault Store or built with Build Your Own Reports. |
Add Datasource |
CommCell |
Delete data sources used in reports that were downloaded from the Commvault Store or built with Build Your Own Reports. |
Delete Datasource |
CommCell |
Edit data sources for reports that were downloaded from the Commvault Store or built with Build Your Own Reports. |
Edit Datasource |
CommCell |
Query data sources for reports that were downloaded from the Commvault Store or built with Build Your Own Reports. |
Query Datasource |
CommCell |
Create a new report using Build Your Own Reports. |
Add Report |
CommCell |
Delete reports that were downloaded from the Commvault Store or built with Build Your Own Reports. |
Delete Report |
CommCell |
Edit reports that were downloaded from the Commvault Store or built with Build Your Own Reports. |
Edit Report |
CommCell |
View reports that were downloaded from the Commvault Store or built with Build Your Own Reports. |
Execute Report |
CommCell |
Publish reports to the Download Center. |
|
|
Download reports from the Commvault Store. |
Create Report |
CommCell |
View and run reports on CommCell Console. |
Report Management |
Any entity that you want to view in reports such as clients, storage policies, libraries, and any other available entity in the CommCell Console. |
View Metrics reports on WebConsole>. |
Report Management |
Pseudo CommCell Client/CommCell Group level or higher |
View the SLA Report and the Job Summary Report on the Web Console. |
Report Management |
Client level or higher |
Change the permissions for a report or a data set. |
Change Security Settings |
CommCell (for all reports) |
Replication Pair
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Delete a Replication Pair. |
Agent Management |
Replication Set |
Start/suspend/resume/abort Replication Pairs. |
Job Management |
Replication Set
Task |
Permission |
Associated CommCell Entities |
---|---|---|
|
Agent Management |
Replication Set |
Start/suspend/resume/abort Replication Sets. |
Job Management |
Schedule Policy
Note: Only a user who created the schedule policy or a user who is associated with all of the objects associated with the schedule policy can change the schedule pattern.
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Delete a schedule policy. |
Delete Schedule Policy |
Schedule Policy |
Modify an alert on a schedule or schedule policy. |
Alert Management Note:
|
CommCell |
Delete an alert from a schedule or schedule policy. |
Administrative Management Note:
|
Client Computer Group, Client, Agent, Backup Set, Instance/Partition, Subclient, Library, MediaAgent, Storage Policy, Tracking Policy Note: The necessary associated object depends on the entity for which the alert is created. |
Data Protection Schedule Policy
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Create and clone a Data Protection schedule policy. |
Create Schedule Policy |
CommCell |
|
Client |
|
Modify a Data Protection schedule policy. |
Edit Schedule Policy |
Schedule Policy |
Add entities to or remove entities from a Data Protection schedule policy. |
|
|
Run the schedules of a Data Protection schedule policy immediately. |
|
Agent, Backup Set, Instance/Partition/Subclient |
Decouple a scheduled job from a Data Protection schedule policy. |
|
Schedule Policy |
Auxiliary Copy Schedule Policy
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Create and clone an auxiliary copy schedule policy. |
Create Schedule Policy |
CommCell |
|
Storage Policy |
|
Modify an auxiliary copy schedule policy. |
Edit Schedule Policy |
Schedule Policy |
Add entities to or remove entities from an auxiliary copy schedule policy. |
Edit Schedule Policy Associations |
Schedule Policy |
|
Storage Policy Management |
Storage Policy |
Run the schedules of the auxiliary copy schedule policy immediately. |
Operations on Storage Policy \ Copy |
Storage Policy |
Scheduling
Note: The user who created the schedule can also view it without any permission or object association.
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Add, modify, disable, delete, and view data protection operation schedules. |
Note: This operation also requires the Data Protection/Management Operations, In Place Recover, and Out of Place Recover permissions respectively for Data Protection and Data Recovery Schedule. |
Agent, Backup Set, Instance/Partition/Subclient |
Add, modify, disable, delete, and view data recovery operation schedules. |
Note: This operation also requires the Data Protection/Management Operations, In Place Recover, and Out of Place Recover permissions respectively for Data Protection and Data Recovery Schedule. |
|
|
Administrative Management |
CommCell |
Delete an alert from a schedule or schedule policy. |
Administrative Management Note:
|
Client Computer Group, Client, Agent, Backup Set, Instance/Partition, Subclient, Library, MediaAgent, Storage Policy, Tracking Policy Note: The necessary associated object depends on the entity for which the alert is created. |
Modify an alert on a schedule or schedule policy. |
Alert Management |
CommCell |
Create schedules for the Vault Tracker Policy. Note: The user who creates a schedule can view, delete, disable, or modify the schedules without any capability or object association. |
Vault Tracker Operations |
Entities other than CommCell |
Security Associations
To create a security association, you must have all of the following permissions on the entities listed:
Task |
Permission |
Entity |
Create a security association: a three-way mapping of a role, users, and entities. |
View This permission is required if security was enabled for roles. For information on enabling security for roles, see Enabling Security on Roles. |
Role |
Add, delete and modify a user Add, delete and modify a user group Add, delete and modify a domain |
The users, user groups, or domains that are included in the security association |
|
Change security settings |
The entities that are included in the security association |
|
A role that includes all of the same permissions as the role included in the security association |
The entities that are included in the security association |
|
Example User A wants to assign Role1 to User Group1 on Client001 and MediaAgent001. Role1 has the Administrative Management and Agent Management permissions. User A must have the following:
|
For information on the permissions needed for user management, see the "User Administration and Security" section on this page.
Single Sign On
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Enable Single Sign On to use Active Directory credentials to access the CommServe |
Add, delete and modify a domain |
Domain |
Snapshots
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Configure, activate, and deactivate snapshots. |
Agent Management |
Agent |
Add, delete, and configure a storage array in the Array Management application. |
Administrative Management |
CommCell |
Storage Policy and Storage Policy Copy
Task |
Permission |
Associated CommCell Entities |
---|---|---|
|
Storage Policy Management |
MediaAgent / Client Computer Group |
|
Storage Policy Management |
Storage Policy / Client Computer Group |
Create, modify, and delete storage policies and storage policy copies associated with a MediaAgent. |
MediaAgent Management To enable these tasks or operations, go to Control Panel > Media Management, and on the Service Configuration tab, set Provide user with MediaAgent management rights additional capabilities for libraries, data paths, and storage policies to 1. |
MediaAgent / Client Computer Group |
Job operations. For example, marking a job bad, changing job retention. |
Agent Management |
Storage Policy / Client |
Streams
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Combine the data streams of a storage policy copy. |
Storage Policy Management |
Storage Policy / Client Computer Group |
Subclient Policy
Note: The associated object is the object from which the data protection operation is being initiated.
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Create a subclient policy. |
|
|
|
Edit Subclient Policy |
Subclient Policy |
Edit subclient policy associations. |
|
|
Clone a subclient policy. |
|
|
Delete a subclient policy. |
Delete Subclient Policy |
Subclient Policy |
Change security settings for subclient policy. |
Change Security Settings |
Subclient Policy |
Subclient
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Create and delete a subclient. |
Agent Management |
Backup set |
Modify a subclient. |
Agent Management |
Subclient |
Synthetic Full
See the "Data Protection" section on this page.
User Accounts and Passwords
Task |
Permission |
Associated CommCell Entities |
---|---|---|
|
Administrative Management |
CommCell |
User Administration - Search Console
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Configure disk space utilization and search result display for each user. |
Administrative Management |
CommCell |
User Administration and Security
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Create, edit, and delete a role. |
Change security settings |
Any entity on which you want to perform the task. |
Create a user. |
Add, delete and modify a user |
CommCell |
Edit and delete a user. |
Add, delete and modify a user |
User |
Create a user group. |
Add, delete and modify a user group |
CommCell |
Edit and delete a user group and an external group. |
Add, delete and modify a user group |
User Group |
Add a domain. |
Add, delete and modify a domain |
CommCell |
Edit and delete a domain. |
Add, delete and modify a domain |
Domain |
Add an external user. |
Add, delete and modify a user |
Domain |
Add an external group. |
Add, delete and modify a user group |
Domain |
Transfer the ownership of entities. |
|
|
|
|
|
|
|
For information on the permissions needed to create a security association, see the "Security Associations" section on this page.
Vault Tracker Feature
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Add, delete, and modify any of the following objects or operations:
Vault Tracker Reports Note: This operation also requires the Report Management permission. Only information about objects available with the user's current Vault Tracker Operations permission level are displayed in the report. |
Vault Tracker Operations |
CommCell |
|
Vault Tracker Operations |
Entities other than CommCell |
Virtual Machine Restore
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Recover guest files and folders to their original location. |
In Place Recover |
Client/Agent |
Recover full virtual machines to their original location. |
In Place Full Machine Recovery End users performing the restore must own the virtual machines being recovered. CommCell Console users performing the restore must own or have an association with the virtualization client protecting the virtual machine. |
Client/Agent |
Recover guest files and folders to a different destination client. |
Out of Place Recover and In Place Recover |
Client/Agent |
Recover full virtual machines to a location other than the original location. |
Out of Place Full Machine Recovery End users performing the restore must own the virtual machines being recovered. CommCell Console users performing the restore must own or have an association with the virtualization client protecting the virtual machine. |
Client/Agent |
Attach virtual machine disks of a backed up virtual machine (source virtual machine) to an existing virtual machine (target virtual machine) |
Out of Place Recover |
Client/Agent |
Virtualize Me
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Perform a Virtualize Me operation |
Administrative management Browse End User Access Out-of-place Recover In Place Recover Install Package/Update or Install Client Agent Management Overwrite on Restore |
Clients and Client Computer Groups where you installed the Windows File System Agent. |
VPN Services
Task |
Permission |
Associated CommCell Entities |
---|---|---|
|
VPN Management |
CommCell |
Web Console
My Data Application
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Run the incremental backup jobs, but not cancel or suspend the backup job. |
Data Protection Operations |
Clients managed using Web Console. |
Pause, resume, or kill the backup job. |
Job Management |
Clients managed using Web Console. |
Perform the following in the Web Console:
|
Users can have either of these groups of permissions:
|
Clients managed using Web Console. |
Perform the following in the Web Console:
|
Agent Management |
Clients managed using Web Console. |
Perform the following in the Web Console:
|
Users can have either of these groups of permissions:
|
Clients managed using Web Console. |
Download one or more backed up files and folders to a specific location in the computer used for accessing the Web Console. |
Users can have either of these groups of permissions:
|
Clients managed using Web Console. |
Preview files on the Web Console |
Users can have either of these groups of permissions:
|
Clients managed using Web Console. |
Upload one or more files and folders to a specific location in the client computer from the Web Console. |
Users can have either of these groups of permissions:
|
Clients managed using Web Console. |
Share files and folders with other users. |
Sharing |
Clients managed using Web Console. |
User can browse backed up data and live (not backed up) data on the client computer. User can also browse data on network share location. Applies To: File System agents |
Users can have either of these groups of permissions:
|
Clients managed using Web Console. |
Search the data backed up from the client computer. The search capability provided in the Web Console also allows users to search through the contents of the backup data. |
Users can have either of these groups of permissions:
|
Clients managed using Web Console. |
Delete the data backed up from the client computer. |
Users can have either of these permissions:
|
Clients managed using Web Console. |
Open the Restore Files page. |
For CommCell users: Browse For domain users: Browse or End User Access (For end user access, you must enable the end user access control list option for the client computer) |
Clients managed using Web Console. |
Synchronize a set of files and folders with up to three computers at once. |
Users can have either of these groups of permissions:
|
Clients managed using Web Console. |
Virtual Machines Application
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Make a copy of a virtual machine. |
Clone VM |
Virtual machines created using Web Console. |
Create a snapshot backup of a virtual machine. |
Create VM Snapshot |
Virtual machines created using Web Console. |
Delete a virtual machine. |
Delete VM |
Virtual machines created using Web Console. |
Delete snapshot backups of a virtual machine. |
Delete VM Snapshot |
Virtual machines created using Web Console. |
Edit the settings for a virtual machine. |
Edit VM |
Virtual machines created using Web Console. |
Power off a virtual machine. |
Power OFF VM |
Virtual machines created using Web Console. |
Power on a virtual machine. |
Power ON VM |
Virtual machines created using Web Console. |
Refresh the connection to the hardware. |
Refresh VM |
Virtual machines created using Web Console. |
Extend the life of a virtual machine to a specified date. |
Renew VM |
Virtual machines created using Web Console. |
Revert a virtual machine to a previous snapshot backup. |
Revert VM Snapshot |
Virtual machines created using Web Console. |
Workflow
Task |
Permission |
Associated CommCell Entities |
---|---|---|
Create a workflow |
Create Workflow |
Any entity |
Deploy a workflow |
Agent Management |
Client where the Workflow Engine is installed |
Deploy a business logic workflow |
|
|
Execute or run a workflow |
Execute Workflow |
Workflow |
Edit a workflow |
Edit Workflow |
Workflow |
Delete a workflow |
Delete Workflow |
Workflow |