Skip to main content
NetApp Backup and Recovery

Set up role-based access control in NetApp Backup and Recovery

Contributors netapp-mwallis
PDFs

To increase security and control resource access, configure role-based access for NetApp Backup and Recovery. The NetApp Console supports role-based access control (RBAC) for some Backup and Recovery workloads. You can assign administrative or viewer roles specific to these workloads. Other workloads that do not yet support role-based access control remain accessible to all users with Backup and Recovery roles until project-level association is supported.

Follow these steps to control access to resources in your organization. Make changes in the Administration > Identity and access page in the NetApp Console menu.

Note These steps assume that you are assigned the Organization Admin role in the Console.
Steps

  1. Create the identity and access project structure.

    As an Organization admin, set up the Identity and access folder and project structure where workloads will reside.

  2. Assign user roles.

    1. Primary option:

      Add users to each project designated for workloads and grant them the appropriate role. For example:

      • Organization admin and Backup and Recovery super admin: A user with these roles can see all resources in all organizations, and discover Backup and Recovery workloads and assign them to projects (for example, US East or US West).

      • Folder or project admin and Backup and Recovery super admin: A user with these roles can see only the resources in the folder or project they have permissions for, but can discover Backup and Recovery workloads and assign them to that project.

    2. Alternative option:

      Instead of granting a user full Backup and Recovery admin access, you can assign yourself the Backup and Recovery super admin role and discover the workloads directly.

  3. Discover workloads in Backup and Recovery.

    Organization admins or Folder or project admins discover the workloads that are available and select the appropriate project (such as US East or US West). Each workload is automatically associated with the selected project.

  4. Add users to projects.

    Organization admins or Folder/project admins add Console users to projects with workloads. Assign users the Organization viewer role and a Backup and Recovery role based on their access needs. Users with the right Backup and Recovery role will automatically gain access to new workloads in these projects.