Loading...

User Security Permissions and Permitted Actions

Table of Contents

The sections list the operations available to a user or user group who is assigned to a role with a particular permission and who is associated with a specific entity. The Associated CommCell Entities column lists the minimum level of entity association a user or user group needs to perform the function. To see this information sorted by feature, see the Permissions and Permitted Actions (by Feature) topic.

Add Datasource

Associated CommCell Entities Available Tasks/Operations
CommCell Add a data source for reports that were downloaded from the Software Store or built with Build Your Own Reports.

Add, Delete and Modify a User

Associated CommCell Entities Available Tasks/Operations
CommCell Create a user.
User Edit and delete a user and an external user.
Domain Add an external user.

Add, Delete and Modify a User Group

Associated CommCell Entities Available Tasks/Operations
CommCell Create a user group.
User Group Edit and delete a user group and an external group.
Domain Add an external group.

Add, Delete and Modify a Domain

Associated CommCell Entities Available Tasks/Operations
CommCell Add a domain.
Domain Edit and delete a domain.

Add, delete and modify content for DLP

This permission is used by the software when features are selected for a plan in Admin Console. For information on Admin Console plans, see Endpoint Plans.

Add/Remove Recipients

Associated CommCell Entities Available Tasks/Operations
Alert Add notification recipients to an existing alert.

Add Report

Associated CommCell Entities Available Tasks/Operations
CommCell

Web Server Client

Client Group with Web Server

  • Create a new report on Web Console using Build Your Own Reports.
  • Download reports from the Software Store.

Administrative Management

Associated CommCell Entities Available Tasks/Operations
CommCell
  • Software:
    • Uninstall software from the CommCell Console.
    • Configure, and download software updates and automatic upgrades.
  • Modify CommServe, Client Computer Group and Client Computer properties.

    Note: At the client and client computer group levels, the Agent Management permission is needed to update settings on the Activity Control tab.

  • Track the operations of users who have access to the CommCell and set or modify the Audit Trail settings.
  • Run an auxiliary copy operation.
  • Add or modify the parameters available in the Control Panel

    Note: The license administration operation also requires the License Management permission at the CommCell level.

  • Migrate clients from one CommCell to another.
  • Define custom calendars to suit the needs of your organization.
  • Run a Data Aging operation.
  • Configure Data Interface Pairs.
  • Set the Database Space Check Interval.
  • Configure and perform Disaster Recovery Backups.
  • Configure and perform an Erase Data by Browsing operation or Erase Stubs operation.
  • Create Global Filters.
  • Perform the following Job Management configuration functions:
    • Set the job priority of an Agent.
    • Queue jobs.
    • Set the job update interval.
    • Determine if a job should be preemptible or restartable.

    Note: When performing an action on multiple jobs in the Job Controller, the correct permission and object association for all of the selected jobs are necessary. If a user is missing the correct permission, the group action cannot be performed on any of the jobs. The user who initiated a job can perform Job Controller functions for that job regardless of permission or object association.

  • Configure and de-configure libraries and drives.
  • Change the name of a client.
  • Define Operation Rules at the CommCell level.
  • Create a schedule policy without any entity associations.
  • Alerts:
    • Delete an alert from a schedule or schedule policy.
    • Create alert rules.

      Note: This operation also requires the Report Management permission at the CommCell level.

    • Use alert rules to create alerts.

      Note: This operation also requires the Report Management permission at the CommCell level.

  • Schedule administration operations such as Data Aging, Auxiliary Copy, Disaster Recovery backup, Data Verification, Automatic Update, Erase Data by Browsing/Erase Stubs, Drive Cleaning, and Report, run a scheduled task immediately, and be able to view, delete, disable, or modify the above schedules.

    Note: The user who created the schedule can also view it without any permission or object association.

  • Set Holidays.
  • Change media and network passwords (Control Panel > System > Change Passwords) and change user accounts (Control Panel > User Account Management).
  • Configure disk space utilization and search result display for each user.
  • Configure and perform Offline Content indexing
  • Delete Content Indexing Server.
  • Configure pre/post processes for Disaster Recovery Backup operations
  • Modify the following hardware maintenance settings:
    • Library Maintenance
    • Drive Maintenance
    • Media Expiration
    • Drive Cleaning Thresholds
  • Delete Legal Hold.
  • View and configure reports on the CommCell Console.
  • View reports on the Web Console.
  • Build and download reports on the Web Console.
  • Import and export report templates on the Web Console.
  • Publish reports to Download Center.
Client Computer Group
  • Define Operational Window rules from the Client Computer Group level.
  • Modify/Delete client computer group properties.

    Note: The Agent Management permission is needed to update settings on the Activity Control tab.

  • Delete clients from a client group.

    Note: This operation also requires the Agent Management permission at the client level.

Client
  • Modify client properties.

    Note: The Agent Management permission is needed to update settings on the Activity Control tab.

Client where the Workflow Engine is installed Deploy a workflow.

Agent Management

Associated CommCell Entities Available Tasks/Operations
Client Computer Group Set Activity Control from the client computer group level.
Client
  • Add clients to a client group when there are no user groups in the Associated Groups list on the Security tab in the Client Group dialog box.
  • Add clients to a client group when there are user groups in the Associated Groups list on the Security tab in the Client Group dialog box.

    Note: This operation also requires the User Management permission at the client level.

  • Delete clients from a client group.

    Note: This operation also requires the Administrative Management permission at the client computer group level.

  • Set Activity Control from the Client level.
  • Define Operational Window rules from the Client level.
  • Modify and set the job priority for a client.
  • Set Data Encryption at the Client level.
  • De-configure a client.
  • Enable privacy.
  • Create an Oracle RAC client.
  • Create a DB2 MultiNode pseudo-client.
Agent
  • Set Activity Control from the Agent level.
  • Modify and perform operations specific to an agent.
  • Enable software compression for an Agent.
  • Set Data Encryption at the Subclient level.
  • De-configure an agent.
  • Define operation rules at the Agent level.
  • Configure a pre/post process.
  • Add a pre/post process for data recovery operations.
  • Remove a pre/post process for data protection/archive operations.
  • Configure, activate, and deactivate snapshots.
  • Create a subclient policy with subclient association.

    Note:

    • This operation also requires the View permission at the storage policy level.
    • Any user can create a subclient policy that does not have any subclient association.
  • Create a Replication Set.
Backup Set
  • Create a new on-demand backup set.
  • Create, modify, and delete a backup set.
  • Create and delete a subclient.
  • Associate or disassociate a backup set to a subclient policy.
Subclient
  • Modify a subclient.
  • Enable global filters for a subclient.
  • Create data protection filters for a subclient.
Instance/Partition Create, modify, and delete an instance/partition.
Replication Set
  • Modify and delete a Replication Set.
  • Create, modify, and delete a Replication Pair.
Replication Pair Delete a Replication Pair.
Client where the Workflow Engine is installed Deploy a workflow.

Agent Scheduling

Note: This operation also requires the Data Protection/Management Operations, In Place Recover, and Out of Place Recover permissions respectively for Data Protection and Data Recovery Schedule.

Associated CommCell Entities Available Tasks/Operations
Agent, Backup Set, Instance/Partition/Subclient
  • Create and clone a Data Protection Schedule Policy.

    Note: This operation also requires the Create Schedule Policy permission at the CommCell level.

  • Modify a Data Protection Schedule Policy.

    Note: This operation also requires the Edit Schedule Policy permission at the schedule policy level.

  • Decouple a scheduled job from a schedule policy.

    Note: This operation also requires the Edit Schedule Policy permission at the schedule policy level.

  • Run the schedules of a schedule policy immediately.
  • Add, modify, disable, delete, and view data protection operation schedules.
  • Add, modify, disable, delete, and view data recovery operation schedules.

    Note: The user who created the schedule can also view it without any permission or object association.

  • Schedule Data Collection Jobs at Agent and Subclient level.
Replication Set Schedule the creation and back up of a Recovery Point.
Storage Policy Create and clone an auxiliary copy schedule policy.

Note: Additional permissions are required. For information, see the permission list in Auxiliary Copy Schedule Policy.

Alert Management

Associated CommCell Entities Available Tasks/Operations
You must have the Alert Management permission on the entities you are adding to the alert. Add entities to an alert.
CommCell Modify an alert on a schedule or schedule policy.

Annotation Management

Associated CommCell Entities Available Tasks/Operations
CommCell/Client group/Client/Agent/Backup Set Add/edit annotations to discovered files/emails.

Application-Free Restore

This operation includes the following.

Associated CommCell Entities Available Tasks/Operation
The Out of Place Recover permission at the backup set or instance at the source client

and

The Browse and In Place Recover permissions at the agent level of the destination client

Restore databases directly to a disk from the CommCell Console without the use of the database application.

Browse

Associated CommCell Entities Available Tasks/Operations
CommCell/Client group/Client/Agent/Backup Set/Instance/Partition/Subclient/Replication Set
  • Perform a browse operation at the appropriate levels.
  • View the list of media required for browse/data recovery operations.
  • Search CommCell domain for data related to any user on the associated object.
  • View backup job history/backup data.

Change Security Settings

Associated CommCell Entities Available Tasks/Operations
Any entity on which you want to perform the task.
  • Create, edit, and delete a role.
  • Create and edit a security association.

Clone VM

Associated CommCell Entities Available Tasks/Operations
Virtual machines created using Web Console. Make a copy of a virtual machine.

Compliance Search

Associated CommCell Entities Available Tasks/Operations
CommCell/Client group/Client/Agent/Backup Set Search CommCell domain for data related to any user on the associated object.

Create Alert

Associated CommCell Entities Available Tasks/Operations
CommCell Create an alert.

Note: The user who creates the alert is automatically assigned the Alert Owner role on the new alert. The Alert Owner role includes the following permissions:

  • Edit Alert Associations
  • Add/Remove Recipients
  • Delete Alert
  • Edit Alert
  • Change security settings
  • View

Note: For the permissions and the entities needed to add security associations to an alert, see Security Associations.

Create Plan

Plans are used in the Admin Console to define the information to back up and how often to perform the backup.

Associated CommCell Entities Available Tasks/Operations
The entity using the plan. Create a plan.

Create Schedule Policy

Note: This operation for data protection schedules also requires the Data Protection/Management Operations and Agent Scheduling permissions at the client level.

Associated CommCell Entities Available Tasks/Operations
CommCell Create and clone a schedule policy.

Note: Creating a schedule policy without any entity associations also requires the Administrative Management permission at the CommCell level.

Storage Policy Create and clone an auxiliary copy schedule policy.

Note: Additional permissions are required. For information, see the permission list in Auxiliary Copy Schedule Policy.

Create Subclient Policy

Associated CommCell Entities Available Tasks/Operations
CommCell
  • Create a subclient policy.
  • Clone a subclient policy.

Create VM Snapshot

Associated CommCell Entities Available Tasks/Operations
Virtual machines created using Web Console. Create a snapshot backup of a virtual machine.

Create Workflow

Associated CommCell Entities Available Tasks/Operations
any entity Create a workflow.

Data Connectors

Associated CommCell Entities Available Tasks/Operations
CommCell View and edit Data Connectors in the Analytics section of the Web Console.

Data Protection/Management Operations

Associated CommCell Entities Available Tasks/Operations
Backup set Run on demand data protection jobs.
Agent
  • Remove a pre/post process for data protection/archive operations.
  • Run/Schedule Data Collection Jobs.
Backup Set, Instance/Partition, Subclient
  • Configure and perform archive operations.
  • Configure and perform the following data protection operations:
    • Backups including synthetic full backups
    • Archives
    • Migrations

    Note: The associated object is the object from which the data protection operation is being initiated.

Agent, Backup Set, Instance/Partition/Subclient
  • Add, modify, disable, delete, and view data protection operation schedules.

    Note: The user who created the schedule can also view it without any permission or object association.

  • Run/Schedule Data Collection Jobs.

If this task/operation is performed at the level for which the schedules were created:

  • Create, clone, and modify a Data Protection Schedule Policy.
  • Decouple a scheduled job from a schedule policy.

    Note: This operation also requires the Edit Schedule Policy permission at the schedule policy level.

  • Run the schedules of a schedule policy immediately

    Note: Only a user who created the schedule policy or a user who is associated with all of the objects associated with the schedule policy can change the schedule pattern.

Replication Set
  • Create Recovery Point.
  • Back up Recovery Point.
Client, Subclient Backup copy:
  • Copy the snapshots of the data to any media.
  • Create additional standby copies of data.

Note: The backup copy operations also require the Storage Policy Management permission at the storage policy level.

Storage Policy Create and clone an auxiliary copy schedule policy.

Note: Additional permissions are required. For information, see the permission list in Auxiliary Copy Schedule Policy.

Delete Alert

Associated CommCell Entities Available Tasks/Operations
Alert Delete an alert.

Delete Datasource

Associated CommCell Entities Available Tasks/Operations
CommCell Delete data sources used in reports that were downloaded from the Software Store or built with Build Your Own Reports.

Delete Monitoring Policy

Associated CommCell Entities Available Tasks/Operations
Monitoring Policy
  • Delete a monitoring policy.
  • Log Monitoring: Erase search results from the Analytics Engine

Delete Plan

Plans are used in the Admin Console to define the information to back up and how often to perform the backup.

Associated CommCell Entities Available Tasks/Operations
The entity using the plan. Delete a plan.

Delete Report

Associated CommCell Entities Available Tasks/Operations
CommCell Delete reports that were downloaded from the Software Store or built with Build Your Own Reports.

Delete Schedule Policy

Associated CommCell Entities Available Tasks/Operations
Schedule Policy Delete a schedule policy.

Delete Subclient Policy

Associated CommCell Entities Available Tasks/Operations
Subclient Policy Delete a subclient policy.

Delete VM

Associated CommCell Entities Available Tasks/Operations
Virtual machines created using Web Console. Delete a virtual machine.

Delete VM Snapshot

Associated CommCell Entities Available Tasks/Operations
Virtual machines created using Web Console. Delete snapshot backups of a virtual machine.

Delete Workflow

Associated CommCell Entities Available Tasks/Operations
Workflow Delete a workflow.

Download

Associated CommCell Entities Available Tasks/Operations
CommCell/Client Computer Groups/Client Download one or more files and folders from the Web Console to a specific location on the local machine.

Download Center Management

Associated CommCell Entities Available Tasks/Operations
Web Server Client
  • View Download Center in the Web Console.
  • View and download packages in the Download Center.
  • Publish reports to the Download Center.
  • Upload packages to Download Center.
  • Edit package information.
  • Delete packages from Download Center.

Edge Drive

This permission is used by the software when features are selected for a plan in Admin Console. For information on Admin Console plans, see Endpoint Plans.

eDiscovery

This permission is used by the software when features are selected for a plan in Admin Console. For information on Admin Console plans, see Endpoint Plans.

Edit Alert

Associated CommCell Entities Available Tasks/Operations
Alert Modify an alert.

Note: For the permissions and the entities needed to modify the security associations on an alert, see Security Associations.

Edit Alert Associations

Associated CommCell Entities Available Tasks/Operations
Alert Add entities to or remove entities from an existing alert.

Note: This operation also requires the Alert Management permission on the entities you are adding to the alert.

Edit Datasource

Associated CommCell Entities Available Tasks/Operations
CommCell Edit data sources for reports that were downloaded from the Software Store or built with Build Your Own Reports.

Edit Monitoring Policy

Associated CommCell Entities Available Tasks/Operations
Monitoring Policy Edit properties of a monitoring policy.

Note: The user creating the monitoring policy must have the Administrative Management or Agent Management permission on the client or client group that contains the logs to be monitored.

Edit Plan

Plans are used in the Admin Console to define the information to back up and how often to perform the backup.

Associated CommCell Entities Available Tasks/Operations
The entity using the plan. Edit a plan.

Edit Plan Associations

Associated CommCell Entities Available Tasks/Operations
The entity using the plan. Add a plan to or remove a plan from an entity.

Edit Report

Associated CommCell Entities Available Tasks/Operations
CommCell Edit reports that were downloaded from the Software Store or built with Build Your Own Reports.

Edit Schedule Policy

Associated CommCell Entities Available Tasks/Operations
Schedule Policy Edit a schedule policy.

Note: Editing the schedule policy associations also requires the Edit Schedule Policy Associations permission at the schedule policy level.

Edit Schedule Policy Associations

Associated CommCell Entities Available Tasks/Operations
Schedule Policy Add entities to or remove entities from an existing schedule policy.

Note: This operation also requires the Edit Schedule Policy permission at the schedule policy level and, for Auxiliary Copy schedule policies, the Administrative Management permission at the CommCell level.

Edit Subclient Policy

Associated CommCell Entities Available Tasks/Operations
Subclient Policy Edit subclient name and description.

Edit Subclient Policy Associations

Associated CommCell Entities Available Tasks/Operations
Subclient Policy Edit associations for the subclient policy.

Edit VM

Associated CommCell Entities Available Tasks/Operations
Virtual machines created using Web Console. Edit the settings for a virtual machine.

Edit Workflow

Associated CommCell Entities Available Tasks/Operations
Workflow Edit a workflow.

eGovernance

This permission is used by the software when features are selected for a plan in Admin Console. For information on Admin Console plans, see Endpoint Plans.

Email Analytics

Associated CommCell Entities Available Tasks/Operations
CommCell/Client group/Client View Email Analytics Reports from the Web Console for the associated object.

End User Access

Associated CommCell Entities Available Tasks/Operations
CommCell/Client group/Client/Agent/Backup Set
  • Search CommCell domain for data related to the logged in user with permissions to the user on the associated object.
  • Perform Browse, Restore, and Erase Data operations with the Windows File System (ACLs based).
  • UNIX File System: Perform restores by impersonating users. For more information, see Restores Using End-User Permission.

Events Organizer

Associated CommCell Entities Available Tasks/Operations
CommCell Access Events Organizer from the Web Console.

Execute Monitoring Policy

Associated CommCell Entities Available Tasks/Operations
Monitoring Policy Run or execute a monitoring policy.

Execute Report

Associated CommCell Entities Available Tasks/Operations
CommCell View reports that were downloaded from the Software Store or built with Build Your Own Reports.

Execute Workflow

Associated CommCell Entities Available Tasks/Operations
Workflow Run/Execute a workflow

File Analytics

Associated CommCell Entities Available Tasks/Operations
CommCell/Client group/Client View File Analytics Reports from the Web Console for the associated object.

In Place Full Machine Recovery

Associated CommCell Entities Available Tasks/Operations
Client/Agent (virtualization only) Recover full virtual machines to their original location. The user performing the restore must own the virtual machines being recovered.

In Place Recover

Associated CommCell Entities Available Tasks/Operations
Client/Agent/Backup Set/Instance/Partition/Replication Set Note for File System Agents: To overwrite files during a restore to the same location, the Overwrite on Restore permission is required.
  • Restore Data Using a Map File and Restore by Jobs procedures
    • If data is being recovered to the same destination as the original data protection operation
    • If data is being recovered to a different destination than the original data protection operation
  • Browse and recover to the same place as the original data protection operation. These operations include:
    • Copyback
    • Restore
    • Recovery
    • Retrieve
  • Virtual machine recovery: recover guest files and folders to their original location. To recover full virtual machines to their original location, use the In Place Full Machine Recovery permission.
  • Add pre/post processes for data recovery operations.
  • Add, modify, disable, delete, and view data recovery operation schedules.

    Note: The user who created the schedule can also view it without any permission or object association.

  • Automatic and manual mount point creation for snapshots that comprise a Recovery Point for ContinuousDataReplicator.
  • Search CommCell domain for data related to any user on the associated object.

Install Package/Update

Associated CommCell Entities Available Tasks/Operations
Client
  • Install software (on existing clients).

    Note: This operation requires this permission only when the Authentication for Agent Installs feature is enabled.

  • View Download Center in the Web Console.
  • Publish reports to Download Center.
  • View and download packages in the Download Center.
  • Install an agent on the client in the CommCell.

    Note: This operation requires this permission only when the Authentication for Agent Installs feature is enabled.

  • Install or uninstall software using the CommCell Console.

    Note: This operation requires this permission only when the Authentication for Agent Installs feature is enabled.

Install Client

Associated CommCell Entities Available Tasks/Operations
CommCell
  • Register a client from the client level
  • Create a NAS client.
  • Install software (on new clients).

    Note: This operation requires this permission only when the Authentication for Agent Installs feature is enabled.

Note: During the installation operation, the child nodes of the entity are not displayed.

Job Management

Associated CommCell Entities Available Tasks/Operations
CommCell
  • Suspend, resume, and kill selected jobs and groups of jobs.

    Note: When performing an action on multiple jobs in the Job Controller, the correct permission and object association for all of the selected jobs are necessary. If a user is missing the correct permission, the group action cannot be performed on any of the jobs. The user who initiated a job can perform Job Controller functions for that job regardless of permission or object association.

  • Change the job priority of a scheduled job, running jobs, or groups of running jobs from the Job Controller.
  • Start/suspend/resume/abort Replication Sets.
  • Start/suspend/resume/abort Replication Pairs.
Entity the job is associated with Suspend, resume, and kill selected jobs and groups of jobs.

Laptop

This permission is used by the software when features are selected for a plan in Admin Console. For information on Admin Console plans, see Endpoint Plans.

Legal Hold Management

Associated CommCell Entities Available Tasks/Operations
CommCell/Client group/Client/Agent/Backup Set
  • Create and Modify Legal Hold.
  • Add search items to Legal Hold.
  • Retrieve data from Legal Hold.

Library Administration

Associated CommCell Entities Available Tasks/Operations
Library / Client Computer Group Perform the following functions:
  • Create/delete or modify scratch pools.
  • Move media between scratch pools.
  • Reset library, library controller.
  • Full scan.
  • Mark library fixed.
  • Properties of library, master drive pool, drive pool, drive, and media.
  • Validate drive.
  • Mark a drive cleaned.
  • Mark a drive replaced.
  • Mark a drive fixed.
  • Clean drive.
  • Reset drive.
  • Unload drive.
  • Import media, cleaning media.
  • Load media.
  • Mark media full, bad, and appendable.
  • Mark media exported, prevent media export, export media.
  • Verify media.
  • Move media.
  • Delete media.
  • Update barcode.
  • Unload media.
  • Export media or schedule export media.

    Note: Users who are not a member of the View All user group would not be able to view/browse the export locations. However, they can manually enter the export location and successfully complete the export operation.

  • Recall media
  • View contents.
  • Inventory, Scheduled Inventory for Blind Library.
  • Stamp media in stand alone libraries.

Library Management

Library Management is a superior permission with critical library management rights, in addition to all the rights in Library Administration permission.

Associated CommCell Entities Available Tasks/Operations
Library / Client Computer Group Perform the following functions:
  • Erase spare media.
  • Delete contents.
  • Overwrite Media options.
  • Create/delete or modify scratch pools.
  • Move media between scratch pools.
  • Reset library, library controller.
  • Full scan.
  • Mark library fixed.
  • Properties of library, master drive pool, drive pool, drive, and media.
  • Validate drive.
  • Mark a drive cleaned.
  • Mark a drive replaced.
  • Mark a drive fixed.
  • Clean drive.
  • Reset drive.
  • Unload drive.
  • Import media, cleaning media.
  • Load media.
  • Mark media full, bad, and appendable.
  • Mark media exported, prevent media export, export media.
  • Verify media.
  • Move media.
  • Delete media.
  • Update barcode.
  • Unload media.
  • Export media or schedule export media.

    Note: Users who are not a member of the View All user group would not be able to view/browse the export locations. However, they can manually enter the export location and successfully complete the export operation.

  • Recall media
  • View contents.
  • Inventory, Scheduled Inventory for Blind Library.
  • Stamp media in stand alone libraries.

License Management

Associated CommCell Entities Available Tasks/Operations
CommCell Add or modify the License Administration parameters in the Control Panel.

Note: This operation also requires the Administrative Management permission at the CommCell level.

Live Browse

Applies To: File System agents

Associated CommCell Entities Available Tasks/Operations
CommCell/Client group/Client User can browse backed up data and live (not backed up) data on the client computer. This feature is available in the Web Console.

MediaAgent Management

Associated CommCell Entities Available Tasks/Operations
CommCell Deconfigure the MediaAgent CommCell object.
MediaAgent / Client Computer Group
  • Modify MediaAgent properties including the Index Cache, and perform MediaAgent operations.
  • Change the name of a MediaAgent.

To enable these tasks or operations, set the value of the Media Management configuration parameter Provide user with MediaAgent management rights additional capabilities for libraries, data paths, and storage policies to 1.

  • Access Expert Storage Configuration window to configure or deconfigure libraries and drives.
  • Create, modify, and delete storage policies and storage policy copies using libraries associated with a MediaAgent.
  • Add data paths to a MediaAgent.
Deduplication Database Enable or disable physical pruning

To enable this task or operation, set the value for the parameter Provide user with MediaAgent management rights additional capabilities for libraries, data paths, and storage policies to 1. For more information, see Media Management Configuration: Service Configuration.

Mobile Backup

This permission is used by the software when features are selected for a plan in Admin Console. For information on Admin Console plans, see Endpoint Plans.

Out of Place Full Machine Recovery

Associated CommCell Entities Available Tasks/Operations
Client/Agent (virtualization only) Recover full virtual machines to a location other than the original location. The user performing the restore must own the virtual machines being recovered.

Out of Place Recover

Associated CommCell Entities Available Tasks/Operations
Backup Set, Replication Set, or Instance/Partition at the source client

and

Browse and In Place Recovery permission at the agent level of the destination client.

If the destination client is on a different platform than the source client (for example, a Unix File System client and a Windows File System client), then Browse and In Place Recovery with at least client level association at the destination client is needed.

  • Restore Data Using a Map File and Restore by Jobs
    • Source Client
  • Browse and recover to a different place than the original data protection operation. These operations include:
    • Copyback
    • Restore
    • Recovery
    • Retrieve
  • Virtual machine recovery: recover guest files and folders to a different destination client. To recover full virtual machines to a location other than the original location, use the Out of Place Full Machine Recovery permission.
  • Add pre/post processes for data recovery operations.
  • Add, modify, disable, delete, and view data recovery operation schedules.

    Note: The user who created the schedule can also view it without any permission or object association.

  • Automatic and manual mount point creation for snapshots that comprise a Recovery Point for ContinuousDataReplicator.
  • Search CommCell domain for data related to any user on the associated object.

Overwrite on Restore

Associated CommCell Entities Available Tasks/Operations
Client/Agent/Backup Set File system agents: Overwrite files during a restore to the same location.

Note: This operation also requires the In Place Recover permission.

Power OFF VM

Associated CommCell Entities Available Tasks/Operations
Virtual machines created using Web Console. Power off a virtual machine.

Power ON VM

Associated CommCell Entities Available Tasks/Operations
Virtual machines created using Web Console. Power on a virtual machine.

Query Datasource

Associated CommCell Entities Available Tasks/Operations
CommCell Query data sources for reports that were downloaded from the Software Store or built with Build Your Own Reports.

Recover and Download

Associated CommCell Entities Available Tasks/Operations
Client Created and managed by the system to enable the sharing framework for Compliance Search and End-User Search.

Refresh VM

Associated CommCell Entities Available Tasks/Operations
Virtual machines created using Web Console. Refresh the connection to the hardware.

Renew VM

Associated CommCell Entities Available Tasks/Operations
Virtual machines created using Web Console. Extend the life of a virtual machine to a specified date.

Report Management

Associated CommCell Entities Available Tasks/Operations
Any entity that you want to view in reports such as clients, storage policies, libraries, and any other available entity in the CommCell Console. View and run reports on CommCell Console.
Pseudo CommCell Client/CommCell Group level or higher View Metrics reports on Web Console.
Client level or higher View the SLA Report and the Backup Job Summary Report on Web Console.
CommCell
  • Create alert rules.
  • Use alert rules to create alerts.

Note: The alert rule operations also require the Administrative Management permission at the CommCell level.

Revert VM Snapshot

Associated CommCell Entities Available Tasks/Operations
Virtual machines created using Web Console. Revert a virtual machine to a previous snapshot backup.

Run Command with System Account

Associated CommCell Entities Available Tasks/Operations
Subclient Run subclient pre/post commands using a local system account.

Run Command with User Account

Associated CommCell Entities Available Tasks/Operations
Subclient Run subclient pre/post commands using an impersonated user.

Sharing

Associated CommCell Entities Available Tasks/Operations
Any entity User can share files and folders with other users from the Web Console.

Storage Policy Management

Associated CommCell Entities Available Tasks/Operations
Storage Policy / Client Computer Group
  • Modify a storage policy or storage policy copy.
  • Perform a data verification operation.
  • Configure a storage policy copy for alternate data paths, and delete data paths from the copy.
  • Enable Hardware Compression for a data path from a storage policy copy to which the data path is associated.
  • Configure a storage policy copy for data multiplexing.
  • Configure a storage policy copy for data verification.
  • Enable an Incremental Storage Policy.
  • Prune, disable, and manually retain a data protection operation on a copy.
  • Set Inline Copy.
  • Combine the data streams of a storage policy copy.
  • Backup copy:
    • Copy the snapshots of the data to any media.
    • Create additional standby copies of data.

    Note: The backup copy operations also require the Data Protection/Management Operations permission at the client or subclient level.

Storage Policy
  • Run an auxiliary copy operation for a storage policy.
  • Perform the following functions for an auxiliary copy schedule policy:
    • Create and clone an auxiliary copy schedule policy.

      Note: Additional permissions are required. For information, see the permission list in Auxiliary Copy Schedule Policy.

    • Disable auxiliary copy schedule policies.
    • Run the schedules of the auxiliary copy schedule policy immediately.
    • View the storage policies and storage policy copies associated with the policy.

    Note: Only a user who created the schedule policy or a user who is associated with all of the objects associated with the schedule policy can change the schedule pattern.

CommCell
  • Create and delete storage policies and storage policy copies, including inline copies.
  • Migrate media.
Deduplication Database Enable or disable physical pruning

Tag Management

Associated CommCell Entities Available Tasks/Operations
CommCell/Client group/Client/Agent/Backup Set
  • Create/Modify/Delete Tags.
  • Associate/Dissociate Tags to discovered items.

Upload

Associated CommCell Entities Available Tasks/Operations
CommCell/Client group/Client Upload one or more files and folders to a specific location in the client computer from the Web Console.

User Management

Associated CommCell Entities Available Tasks/Operations
CommCell
  • Add, delete, and modify a CommCell user.
  • Add, delete, and modify a user group.
  • Associate/disassociate a user group to any CommCell entity.
  • Configure Single Sign On.
  • Add clients to a client group.
Client Add clients to a client group when there are user groups in the Associated Groups list on the Security tab in the Client Group dialog box.

Note: This operation also requires the Agent Management permission at the client level.

Entities other than CommCell Associate/disassociate a user group that you are a member of to the entity.

Example

You are a member of user group UG001. UG001 has User Management as the permission and Client001 as the associated entity.
You are also a member of user groups UG005, UG009, and UG015. These groups do not have User Management as a permission.
You are not a member of UG022.

From the Security tab in the Client Computer Properties for Client001 dialog box, you can add groups UG005, UG009, and UG015 to the Associated Groups list.
You cannot add group UG022.

Vault Tracker Operations

Associated CommCell Entities Available Tasks/Operations
CommCell Add, delete, and modify any of the following objects or operations:
  • Actions
  • Containers
  • Export Media from Backup/Auxiliary Copy Operations
  • Export Media using the Export Media Wizard
  • Iron Mountain ID
  • Library
  • Location
  • Media Repository
  • Recall Media
  • Tracking Policy
  • Vault Tracker Alerts
  • Vault Tracker Reports

    Note: This operation also requires the Report Management permission. Only information about objects available with the user's current Vault Tracker Operations permission level are displayed in the report.

Entities other than CommCell
  • Actions: details, set container, abort, picked up, reached destination
  • Containers: modify, delete, move all media, remove all media
  • Library: view and modify at the Vault tracker policy
  • Location: modify, delete
  • Media Repository: modify, delete, update barcode, add media
  • Tracking Policy: run, modify, delete, view media, view schedules, create schedules, set holidays
  • Vault Tracker Policy: create

View

Associated CommCell Entities Available Tasks/Operations
CommCell, Client Computer Groups, Client Computers, Libraries, MediaAgents, Storage Policies, Monitoring Policies, Vault Tracker Policies View the component details of the selected entity.
Role View the role so that it can be used in a security association. This permission is required if security was enabled for roles. For information on enabling security for roles, see Enabling Security on Roles. For information on all of the permissions needed to create security associations, see User Security Permissions and Permitted Actions by Feature: Security Associations.

Web Analytics

Associated CommCell Entities Available Tasks/Operations
CommCell Access Web Analytics in the Analytics section of the Web Console.