Skip to main content
NetApp Console setup and administration

Ransomware Resilience access roles for NetApp Console

Contributors netapp-ahibbard netapp-tonias

Ransomware Resilience roles provide users access to NetApp Ransomware Resilience. Ransomware Resilience supports the following roles:

Baseline roles

  • Ransomware Resilience admin - Configure Ransomware Resilience settings; investigate and respond to encryption alerts

  • Ransomware Resilience viewer - View encryption incidents, reports, and discovery settings

User behavior activity roles
Suspicious user activity detection alerts provide visibility into data such as file activity events; these alerts include file names and file actions (such as Read, Write, Delete, Rename) performed by the user. To limit the visibility of this data, only users with these roles can manage or view these alerts.

  • Ransomware Resilience user behavior admin - Activate suspicious user activity detection, investigate and respond to suspicious user activity alerts

  • Ransomware Resilience user behavior viewer - View suspicious user activity alerts

Note User behavior roles are not standalone roles; they are designed to be added to Ransomware Resilience admin or viewer roles. For more information, see User behavior roles.

Consult the following tables for detailed descriptions of each role.

Baseline roles

The following table describes the actions available to the Ransomware Resilience admin and viewer roles.

Feature and action Ransomware Resilience admin Ransomware Resilience viewer

View dashboard and all tabs

Yes

Yes

On dashboard, update recommendation status

Yes

No

Start free trial

Yes

No

Initiate discovery of workloads

Yes

No

Initiate rediscovery of workloads

Yes

No

On the Protect tab:

Add, modify, or delete protection plans for encryption policies

Yes

No

Protect workloads

Yes

No

Identify exposure to sensitive data with Data Classification

Yes

No

List protection plans and details

Yes

Yes

List protection groups

Yes

Yes

View protection group details

Yes

Yes

Create, edit, or delete protection groups

Yes

No

Download data

Yes

Yes

On the Alerts tab:

View encryption alerts and alert details

Yes

Yes

Edit encryption incident status

Yes

No

Mark encryption alert for recovery

Yes

No

View encryption incident details

Yes

Yes

Dismiss or resolve encryption incidents

Yes

No

Get full list of impacted files in encryption event

Yes

No

Download encryption event alerts data

Yes

Yes

Block user (with Workload Security agent configuration)

Yes

No

On the Recover tab:

Download impacted files from encryption event

Yes

No

Restore workload from encryption event

Yes

No

Download recovery data from encryption event

Yes

Yes

Download reports from encryption event

Yes

Yes

On the Settings tab:

Add or modify backup destinations

Yes

No

List backup destinations

Yes

Yes

View connected SIEM targets

Yes

Yes

Add or modify SIEM targets

Yes

No

Configure readiness drill

Yes

No

Start, reset, or edit readiness drill

Yes

No

Review readiness drill status

Yes

Yes

Update discovery configuration

Yes

No

View discovery configuration

Yes

Yes

On the Reports tab:

Download reports

Yes

Yes

User behavior roles

To configure suspicious user behavior settings and respond to alerts, a user must have the Ransomware Resilience user behavior admin role. To only view suspicious user behavior alerts, a user should have the Ransomware Resilience user behavior viewer role.

User behavior roles should be conferred on users with existing Ransomware Resilience admin or viewer priviliges who need access to suspicious user activity settings and alerts. A user with the Ransomware Resilience admin role, for example, should receive the Ransomware Resilience user behavior admin role to configure user activity agents and block or unblock users. The Ransomware Resilience user behavior admin role should not be conferred on a Ransomware Resilience viewer.

Note To activate suspicious user activity detection, you must have the Console Organization admin role.

The following table describes the actions available to the Ransomware Resilience user behavior admin and viewer roles.

Feature and action Ransomware Resilience user behavior admin Ransomware Resilience user behavior viewer

On the Settings tab:

Create, modify, or delete user activity agent

Yes

No

Create or delete user directory connector

Yes

No

Pause or resume data collector

Yes

No

Run data breach readiness drill

Yes

No

On the Protect tab:

Add, modify, or delete protection plans for suspicious user behavior policies

Yes

No

On the Alerts tab:

View user activity alerts and alert details

Yes

Yes

Edit user activity incident status

Yes

No

Mark user activity alert for recovery

Yes

No

View user activity incident details

Yes

Yes

Dismiss or resolve user activity incidents

Yes

No

Get full list of impacted files
by suspicious user

Yes

Yes

Download user activity event alerts data

Yes

Yes

Block or unblock user

Yes

No

On the Recover tab:

Download impacted files for user activity event

Yes

No

Restore workload from user activity event

Yes

No

Download recovery data from user activity event

Yes

Yes

Download reports from user activity event

Yes

Yes