You can associate users or user groups with roles to control the tasks that users can perform in the Command Center.
Considerations
For tasks that tenant users cannot perform, they can submit service requests to the tenant administrator or to the service provider. For example, incremental backups are performed by default, but a tenant can submit a service request to the service provider to request a full backup.
The following tasks might be visible to tenant users, but can only be executed by the service provider:
Configure replication
Users can only run incremental backups. Full backups can only be performed by a tenant administrator or by a service desk request to the service provider.
New or restored VMs do not appear on the Virtual machines tab for the hypervisor until at least one backup has run on them.
Restored VMs do not inherit the original VM permissions. The tenant administrator must grant self-service user permissions and ownership for the VM after it is restored.
For VMware, restored VMs are not restored into ESX VM folders. If folders are required, the service provider must migrate the restored VMs to the appropriate VM folder.
After restoring VMs, verify that they are assigned to the correct VM group.
If the CommServe host uses internal DNS, you might need to edit the /etc/hosts file on your ESX infrastructure and enter an entry from each of the MediaAgents that handle restores using live recovery or live mount. During recovery, Commvault mounts a temporary NFS datastore from the MediaAgent to the ESX host using ports 111 and 2049.
Tasks That Can Be Performed for Each Role
The following table shows the tasks that users can perform, based on the role assignments for the user.
Task | End Users (default role) | Client Admins (default role) | VM Owner (custom role) |
|---|---|---|---|
View VM protection history | Yes | Yes | Yes |
View performance against VM Service Level Agreement (SLA) | Yes | Yes | Yes |
Incremental backup, Suspend, Resume, Kill | Yes | Yes | No |
View jobs, job details, logs | Yes | Yes | Yes |
Restore – Guest files (in place, out of place) | Yes | Yes | Yes |
Restore – full virtual machine (in place) | Yes | Yes | Yes |
Restore – full virtual machine (out of place) | Yes | Yes | No |
Restore – download files (in browser) | Yes | Yes | Yes |
Restore - Live recovery | Yes | No | No |
Restore – Live mount | Yes | No | No |
View or change service plan | Yes | No | No |
Configure replication | No | No | No |
Assign additional owners, permissions | Yes | No | No |
Before You Begin
Create the following user groups:
Tenant Administrators
Tenant End Users
VM Owners
Procedure
From the navigation pane, go to Manage > Security.
The Security page appears.
Click the Roles tile.
The Roles page appears.
Associate the following user groups with the corresponding roles:
Associate the Tenant End Users group with the End Users role.
Associate the Tenant Administrators group with the Client Admins role.
Associate the VM Owners group with the VM Owner role.
To configure each role, perform the following actions:
For the role, click the button in the Actions column and then select Edit.
The Edit role dialog box appears.
Under Security, click Edit.
Enter the user group name on the left, select the role from the list, and then click Add.
Click Save.
In the Edit role dialog box, click Save.