Pre-defined SnapCenter roles and permissions

SnapCenter ships with pre-defined roles, each with a set of permissions already enabled. When setting up and administering role-based access control (RBAC), you can either use these pre-defined roles or create new ones.

SnapCenter includes the following pre-defined roles:

For information about pre-defined roles and permissions for SnapCenter Plug-in for VMware vSphere users, see the information about SnapCenter Plug-in for VMware vSphere.

When you add a user to a role, you must assign either the StorageConnection permission to enable storage virtual machine (SVM) communication, or assign an SVM to the user to enable permission to use the SVM. The Storage Connection permission enables users to create SVM connections.

For example, a user with the SnapCenter Admin role can create SVM connections and assign them to a user with the App Backup and Clone Admin role, which by default does not have permission to create or edit SVM connections. Without an SVM connection, users cannot complete any backup, clone, or restore operations.

SnapCenter Admin role

The SnapCenter Admin role has all permissions enabled. You cannot modify the permissions for this role. You can add users and groups to the role or remove them.

App Backup and Clone Admin role

The App Backup and Clone Admin role has the permissions required to perform administrative actions for application backups and clone-related tasks. This role does not have permissions for host management, provisioning, storage connection management, or remote installation.

Permissions Enabled Create Read Update Delete
Resource Group Not applicable Yes Yes Yes Yes
Policy Not applicable Yes Yes Yes Yes
Backup Not applicable Yes Yes Yes Yes
Host Not applicable Yes Yes Yes Yes
Storage Connection Not applicable No Yes No No
Clone Not applicable Yes Yes Yes Yes
Provision Not applicable No Yes No No
Dashboard Yes Not applicable Not applicable Not applicable Not applicable
Reports Yes Not applicable Not applicable Not applicable Not applicable
Restore Yes Not applicable Not applicable Not applicable Not applicable
Resource Yes Yes Yes Yes Yes
Plug-in Install/Uninstall No Not applicable   Not applicable Not applicable
Migration No Not applicable Not applicable Not applicable Not applicable
Mount Yes Yes Not applicable Not applicable Not applicable
Unmount Yes Yes Not applicable Not applicable Not applicable
Full Volume Restore No No Not applicable Not applicable Not applicable

Backup and Clone Viewer role

The Backup and Clone Viewer role has read-only view of all permissions. This role also has permissions enabled for discovery, reporting, and access to the Dashboard.

Permissions Enabled Create Read Update Delete
Resource Group Not applicable No Yes No No
Policy Not applicable No Yes No No
Backup Not applicable No Yes No No
Host Not applicable No Yes No No
Storage Connection Not applicable No Yes No No
Clone Not applicable No Yes No No
Provision Not applicable No Yes No No
Dashboard Yes Not applicable Not applicable Not applicable Not applicable
Reports Yes Not applicable Not applicable Not applicable Not applicable
Restore No No Not applicable Not applicable Not applicable
Resource No No Yes Yes No
Plug-in Install/Uninstall No Not applicable Not applicable Not applicable Not applicable
Migration No Not applicable Not applicable Not applicable Not applicable
Mount Yes Not applicable Not applicable Not applicable Not applicable
Unmount Yes Not applicable Not applicable Not applicable Not applicable
Full Volume Restore No Not applicable Not applicable Not applicable Not applicable

Infrastructure Admin role

The Infrastructure Admin role has permissions enabled for host management, storage management, provisioning, resource groups, remote installation reports, and access to the Dashboard.

Permissions Enabled Create Read Update Delete
Resource Group Not applicable Yes Yes Yes Yes
Policy Not applicable No Yes Yes Yes
Backup Not applicable Yes Yes Yes Yes
Host Not applicable Yes Yes Yes Yes
Storage Connection Not applicable Yes Yes Yes Yes
Clone Not applicable No Yes No No
Provision Not applicable Yes Yes Yes Yes
Dashboard Yes Not applicable Not applicable Not applicable Not applicable
Reports Yes Not applicable Not applicable Not applicable Not applicable
Restore Yes Not applicable Not applicable Not applicable Not applicable
Resource Yes Yes Yes Yes Yes
Plug-in Install/Uninstall Yes Not applicable Not applicable Not applicable Not applicable
Migration No Not applicable Not applicable Not applicable Not applicable
Mount No Not applicable Not applicable Not applicable Not applicable
Unmount No Not applicable Not applicable Not applicable Not applicable
Full Volume Restore No No Not applicable Not applicable Not applicable