User management

Data Resiliency Service is managed through access points. Access points grant users (individuals and user groups) permission to access and modify listed resources.

Access

The Access menu in Data Resiliency Service is the central place for managing user access and viewing access point definitions.

Data Resiliency Service manages access to actions, resources, and integrations by using a concept called Access points. Access points are a simple but powerful mechanism for grouping common elements of the Data Resiliency Service. Access points allow security administrators to authorize users to access resources and actions they need in the Data Resiliency Service.

Data Resiliency Service defines the following three authorities to simplify the rights to resources that are granted to a user:
  • Viewer: Able to view all properties and information about resources or integrations in Data Resiliency Service.
  • Editor: Able to edit properties and information about resources available within their Access points and authority grants, where applicable. Users with the Editor authority cannot create or delete resources.
  • Administrator: All rights of Editor, and the ability to create or delete resources where applicable, and disable or enable integrations, within their Access points and authority grants.

Security administrators can assign users and groups access to Access points based on resource location. A resource location is determined based on the location of the connection manager, which provides information about the source device of the resource. When updating Access point memberships, security administrators can select the location they want access to be scoped to for the users and groups. Users and groups can be added to an Access point repeatedly, if the location scope of authority does not overlap. For example, a security administrator can add a user to the All resources Access point as an Editor for all locations, and as an Administrator for a single location.

The DRS Actions and Governance profile Access points do not have location scoped authority. Applying a location scope of authority to the All resources Access point effectively grants no authority to DRS Actions and Governance profile resources.

The following image illustrates the concept of access points for different users:

[Image: user access management]

Access points

The Access points page helps you to manage access points. Access points are predefined collections of actions, resources, and integrations, which are managed as a single unit.

By default, users have Viewer access in the All resources Access point and can view everything in the Data Resiliency Service. Users can be granted Editor or Administrator authority to the All resources Access point as needed.
Note: Users with Administrator authority to the All resources Access point have full authority to perform all actions in Data Resiliency Service. No additional access point assignments are required or allowed for these users.

Exception: If a user is assigned through an All resources access point for a specific location, the user automatically inherits authority over DRS Actions and Governance profile access points across all locations. Location-based scoping does not apply to these access points.

The Access points page shows all the predefined Access points and related permissions.

The following table lists all predefined Access points available in Data Resiliency Service.

Table 1. Access points definitions

Access point: All resources
Permissions: All functions available to other access points in the Data Resiliency Service.

Editor and Administrator accesses are equivalent to granting corresponding accesses for all other Access points. Viewer access is granted by default.

  • Viewer: View all functions in the Data Resiliency Service.
  • Editor: View and update all functions in the Data Resiliency Service.
  • Administrator: View, create, update, and remove all functions in the Data Resiliency Service.

Access point: Recovery groups
Permissions: Actions that are associated with recovery groups (except group generation), applications, and sensors.
  • Editor: View and update applications, and recovery groups (except Generate groups), and perform actions that are related to sensors (except remove).
  • Administrator: View, create, update, and remove applications, and recovery groups (except Generate groups) and perform all actions that are related to sensors (including remove).

Access point: DRS Actions
Permissions: Assign and resolve actions, generate recovery groups, delete RU calculator historical entries, and manage email notification access.
  • Editor: Generate recovery groups (locking/unlocking groups, including/excluding resources, resolving/dismissing events) and assign or resolve actions.
  • Administrator: Generate recovery groups (locking/unlocking groups, including/excluding resources, resolving/dismissing events), assign and resolve actions, delete RU calculator historical entries, and manage email notification access.

Access point: Governance profile
Permissions: Actions that are associated with governance profiles.
  • Editor: View and update governance profiles.
  • Administrator: View, create, update, and remove governance profiles.

Access point: Connection managers
Permissions: Actions that are associated with API keys, connection managers (including update), and source management (including credentials).
  • Administrator: Perform all actions that are associated with API keys, connection managers (including update), and source management (including credentials). Only Administrator access is available for Connection managers.

Access point: Integrations
Permissions: Actions that are associated with third-party integrations (except email notifications) in the Data Resiliency Service.
  • Editor: View and update third-party integrations (except email notifications) in the Data Resiliency Service.
  • Administrator: View, create, update, and remove third-party integrations (except email notifications) in the Data Resiliency Service.

Access point: Clean room profiles
Permissions: Actions that are associated with clean room profiles.
  • Editor: View and update clean room profiles.
  • Administrator: View, create, update, and remove clean room profiles.
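
An access review that applies the rules described on this page to a list of assignments, as an added example that is not part of the product or its documentation. The Grant record, the sample principals and site names, and the finding texts are assumptions, and "overlap" is taken to mean the same scope listed twice.

```python
from dataclasses import dataclass
from typing import Optional

# Access point and authority names come from the page; the Grant record,
# the sample data and the review rules are assumptions for this example.
NOT_LOCATION_SCOPED = {"DRS Actions", "Governance profile"}
ADMIN_ONLY = {"Connection managers"}

@dataclass(frozen=True)
class Grant:
    principal: str                   # user or group
    access_point: str
    authority: str                   # Viewer, Editor or Administrator
    location: Optional[str] = None   # None means all locations

def review(grants):
    """Return sorted (principal, finding) pairs for an access review."""
    findings, seen = set(), set()
    full_admins = {g.principal for g in grants
                   if (g.access_point, g.authority, g.location)
                   == ("All resources", "Administrator", None)}
    for g in grants:
        scope = (g.principal, g.access_point, g.location)
        if scope in seen:
            # Assumption: "overlap" means the same scope listed twice.
            findings.add((g.principal, "overlapping location scope"))
        seen.add(scope)
        if g.access_point in ADMIN_ONLY and g.authority != "Administrator":
            findings.add((g.principal, "authority not offered for this access point"))
        if g.access_point in NOT_LOCATION_SCOPED and g.location is not None:
            findings.add((g.principal, "access point has no location scope"))
        if g.access_point == "All resources" and g.location is not None:
            findings.add((g.principal, "verify DRS Actions and Governance profile authority"))
        if g.access_point == "Connection managers" and g.authority == "Administrator":
            findings.add((g.principal, "manages API keys and source credentials"))
        if g.principal in full_admins and g.access_point != "All resources":
            findings.add((g.principal, "extra grant on a full administrator"))
    findings.update((p, "full authority over all actions") for p in full_admins)
    return sorted(findings)

# Constructed sample assignments (not an export format of the product).
SAMPLE = [
    Grant("alice", "All resources", "Editor"),
    Grant("alice", "All resources", "Administrator", "site-a"),
    Grant("bob", "All resources", "Administrator"),
    Grant("bob", "Integrations", "Editor"),
    Grant("carol", "Connection managers", "Editor"),
    Grant("dave", "Governance profile", "Editor", "site-b"),
    Grant("erin", "Connection managers", "Administrator"),
]
```

Calling `review(SAMPLE)` leaves alice's all-locations Editor grant unflagged and marks her single-location Administrator grant for a manual check of DRS Actions and Governance profile authority.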