Managing roles
Roles define the actions that can be completed for the resources that are defined in a resource group. While a resource group defines the resources that are available to an account, a role sets the permissions to interact with the resources.
For example, if a resource group is created that includes backup and restore jobs, the role determines how a user can interact with the jobs. Permissions can be set to enable a user to create, view, and run the backup and restore jobs that are defined in a resource group, but not delete them.
Similarly, permissions can be set to create administrator accounts, enabling a user to create and edit other accounts, set up sites and resources, and interact with all of the available IBM Spectrum Protect Plus features.
- Application Admin
- Users with the Application Admin can complete the following actions:
- Register and modify application database resources that are delegated by an administrator
- Associate application databases to assigned SLA policies
- Complete backup and restore operations
- Run and schedule reports to which the user has access
- Backup Only
- Users with the Backup Only role can complete the following actions:
- Create, view, and run backup operations
- View, create, and edit SLA policies to which the user has access
- OC_MONITOR_ROLE
- The OC_MONITOR_ROLE is created when an OC_MONITOR user is created by the IBM Spectrum Protect Operations Center. This role and user are required by the Operations Center to connect to the IBM Spectrum Protect Plus environment. The OC_MONITOR_ROLE is used only by the OC_MONITOR user and provides permissions that are required to connect the Operations Center to IBM Spectrum Protect Plus. Do not edit this role.
- Restore Only
- Users with the Restore Only role can complete the following actions:
- Run, edit, and monitor restore operations.
- View, create, and edit SLA Policies to which the user has access.
- Self Service
- Users with the Self Service role can monitor existing backup and restore operations that are delegated by an administrator.
- SYSADMIN
- The SYSADMIN role is the administrator role. This role provides access to all resources and privileges.
- VM Admin
- Users with the VM Admin role can complete the following actions:
- Register and modify hypervisor resources to which the user has access
- Associate hypervisors to SLA policies
- Complete backup and restore operations
- Run and schedule reports to which the user has access