User Administration and Security Overview
All users who perform functions within the CommCell environment must have a CommCell user account (local user) or be a member of a domain (external user) registered with the CommCell environment. Two types of user security are available.
Role-based security is typically used for administrators who need permissions on multiple entities. To use role-based security, you must create a security association between users or user groups, a role, and entities:
- User or user group: The CommCell user or external user (for example, an Active Directory user) who is given access.
- Role: A collection of permissions that defines the level of access granted to a user or a user group. Permissions allow users to perform tasks such as performing backup, restore, and administrative operations (for example, license administration) on entities.
- Entity: A logical or physical component, for example, a client or a storage policy, that a user can access based on the user's role.
Security associations can be added at the user level, user-group level, or directly on an entity.
Users can perform functions within the CommCell environment after the following steps are complete:
- Create a role.
- Create CommCell users.
- Create a CommCell user group.
- Optional: Add an external Active Directory group.
- Add a security association.
Owner security is typically used for end users who need permissions on very few client entities, for example, a user needs permission to restore files to a laptop. Permissions are assigned to all client owners at once by assigning client owner permissions at the CommCell level. Administrators also have the flexibility to set client owner permissions at the client computer group and client levels.