Managing roles

Edit online

Roles define the actions that can be completed for the resources that are defined in a resource group. While a resource group defines the resources that are available to an account, a role sets the permissions to interact with the resources.

For example, if a resource group is created that includes backup and restore jobs, the role determines how a user can interact with the jobs. Permissions can be set to enable a user to create, view, and run the backup and restore jobs that are defined in a resource group, but not delete them.

Similarly, permissions can be set to create administrator accounts, enabling a user to create and edit other accounts, set up sites and resources, and interact with all of the available IBM Spectrum Protect Plus features.

The functionality of a role is dependent on a properly configured resource group. When selecting a predefined role or configuring a custom role, you must ensure that access to necessary IBM Spectrum Protect Plus operations, screens, and resources align with the proposed usage of the role.
About the SUPERUSER role: The SUPERUSER role provides the user with access to all IBM Spectrum Protect Plus functions. The SUPERUSER role can be assigned to only one account and that account is referred to as the superuser account. This superuser account and the SUPERUSER role are discussed in Managing the superuser account.
The following user account roles are available:
Application Admin
Users with the Application Admin can complete the following actions:
  • Register and modify application database resources that are delegated by an administrator
  • Associate application databases to assigned SLA policies
  • Complete backup and restore operations
  • Run and schedule reports to which the user has access
Access to resources must be granted by an administrator through the Accounts > Resource Groups pane.
Backup Only
Users with the Backup Only role can complete the following actions:
  • Create, view, and run backup operations
  • View, create, and edit SLA policies to which the user has access
Access to resources, including specific backup jobs, must be granted by an administrator by clicking Accounts > Resource Groups.
OC_MONITOR_ROLE
The OC_MONITOR_ROLE is created when an OC_MONITOR user is created by the IBM Spectrum Protect Operations Center. This role and user are required by the Operations Center to connect to the IBM Spectrum Protect Plus environment. The OC_MONITOR_ROLE is used only by the OC_MONITOR user and provides permissions that are required to connect the Operations Center to IBM Spectrum Protect Plus. Do not edit this role.
Restore Only
Users with the Restore Only role can complete the following actions:
  • Run, edit, and monitor restore operations.
  • View, create, and edit SLA Policies to which the user has access.
Access to resources, including specific restore jobs, must be granted by an administrator through the Accounts > Resource Groups pane.
Self Service
Users with the Self Service role can monitor existing backup and restore operations that are delegated by an administrator.
Access to resources, including specific jobs, must be granted by an administrator through the Accounts > Resource Groups pane.
SYSADMIN
The SYSADMIN role is the administrator role. This role provides access to all resources and privileges.
Users with this role can add users and complete the following actions for all users other than the user who is assigned the SUPERUSER role:
  • Modify and delete user accounts
  • Change user passwords
  • Assign user roles
VM Admin
Users with the VM Admin role can complete the following actions:
  • Register and modify hypervisor resources to which the user has access
  • Associate hypervisors to SLA policies
  • Complete backup and restore operations
  • Run and schedule reports to which the user has access
Access to resources must be granted by an administrator through the Accounts > Resource Groups pane.