NetApp Backup and Recovery Identity and Access Management (IAM) roles
Suggest changes
PDFs
NetApp Backup and Recovery employs Identity and Access Management (IAM) to govern the access that each user has to specific features and actions.
The service uses the following roles that are specific to NetApp Backup and Recovery.
-
Backup and recovery super admin: Perform any actions in NetApp Backup and Recovery.
-
Backup and Recovery Backup admin: Perform backups to local snapshots, replicate to secondary storage, and back up to object storage actions in NetApp Backup and Recovery.
-
Backup and Recovery Restore admin: Restore workloads using NetApp Backup and Recovery.
-
Backup and Recovery Clone admin: Clone applications and data using NetApp Backup and Recovery.
-
Backup and recovery viewer: View information in NetApp Backup and Recovery, but not perform any actions.
For details about all NetApp Console access roles, see the Console setup and administration documentation.
Roles used for common actions
The following table indicates the actions that each NetApp Backup and Recovery role can perform for all workloads.
| Feature and action | Backup and recovery super admin | Backup and Recovery backup admin | Backup and Recovery restore admin | Backup and Recovery clone admin | Backup and Recovery viewer |
|---|---|---|---|---|---|
Add, edit, or delete hosts |
Yes |
No |
No |
No |
No |
Install plugins |
Yes |
No |
No |
No |
No |
Add credentials (host, instance, vCenter) |
Yes |
No |
No |
No |
No |
View dashboard and all tabs |
Yes |
Yes |
Yes |
Yes |
Yes |
Start free trial |
Yes |
No |
No |
No |
No |
Initiate discovery of workloads |
No |
Yes |
Yes |
Yes |
No |
View license information |
Yes |
Yes |
Yes |
Yes |
Yes |
Activate license |
Yes |
No |
No |
No |
No |
View hosts |
Yes |
Yes |
Yes |
Yes |
Yes |
Schedules: |
|||||
Activate schedules |
Yes |
Yes |
Yes |
Yes |
No |
Suspend schedules |
Yes |
Yes |
Yes |
Yes |
No |
Policies and protection: |
|||||
View protection plans |
Yes |
Yes |
Yes |
Yes |
Yes |
Create, modify, or delete protection |
Yes |
Yes |
No |
No |
No |
Restore workloads |
Yes |
No |
Yes |
No |
No |
Create clone, split clone, or delete clone |
Yes |
No |
No |
Yes |
No |
Create, modify, or delete policy |
Yes |
Yes |
No |
No |
No |
Reports: |
|||||
View reports |
Yes |
Yes |
Yes |
Yes |
Yes |
Create reports |
Yes |
Yes |
Yes |
Yes |
No |
Delete reports |
Yes |
No |
No |
No |
No |
Import from SnapCenter and manage host: |
|||||
View imported SnapCenter data |
Yes |
Yes |
Yes |
Yes |
Yes |
Import data from SnapCenter |
Yes |
Yes |
No |
No |
No |
Manage (migrate) host |
Yes |
Yes |
No |
No |
No |
Configure settings: |
|||||
Configure log directory |
Yes |
Yes |
Yes |
No |
No |
Associate or remove instance credentials |
Yes |
Yes |
Yes |
No |
No |
Buckets: |
|||||
View buckets |
Yes |
Yes |
Yes |
Yes |
Yes |
Create, edit, or delete bucket |
Yes |
Yes |
No |
No |
No |
Roles used for workload-specific actions
The following table indicates the actions that each NetApp backup and recovery role can perform for specific workloads.
Kubernetes workloads
This table indicates the actions that each NetApp backup and recovery role can perform for actions specific to Kubernetes workloads.
| Feature and action | Backup and recovery super admin | Backup and Recovery backup admin | Backup and Recovery restore admin | Backup and Recovery viewer |
|---|---|---|---|---|
View clusters, namespaces, storage classes, and API resources |
Yes |
Yes |
Yes |
Yes |
Add new Kubernetes clusters |
Yes |
Yes |
No |
No |
Update cluster configurations |
Yes |
No |
No |
No |
Remove clusters from management |
Yes |
No |
No |
No |
View applications |
Yes |
Yes |
Yes |
Yes |
Create and define new applications |
Yes |
Yes |
No |
No |
Update application configurations |
Yes |
Yes |
No |
No |
Remove applications from management |
Yes |
Yes |
No |
No |
View protected resources and backup status |
Yes |
Yes |
Yes |
Yes |
Create backups and protect applications with policies |
Yes |
Yes |
No |
No |
Unprotect apps and delete backups |
Yes |
Yes |
No |
No |
View recovery points and resource viewer results |
Yes |
Yes |
Yes |
Yes |
Restore applications from recovery points |
Yes |
No |
Yes |
No |
View Kubernetes backup policies |
Yes |
Yes |
Yes |
Yes |
Create Kubernetes backup policies |
Yes |
Yes |
Yes |
No |
Update backup policies |
Yes |
Yes |
Yes |
No |
Delete backup policies |
Yes |
Yes |
Yes |
No |
View execution hooks and hook sources |
Yes |
Yes |
Yes |
Yes |
Create execution hooks and hook sources |
Yes |
Yes |
Yes |
No |
Update execution hooks and hook sources |
Yes |
Yes |
Yes |
No |
Delete execution hooks and hook sources |
Yes |
Yes |
Yes |
No |
View execution hook templates |
Yes |
Yes |
Yes |
Yes |
Create execution hook templates |
Yes |
Yes |
Yes |
No |
Update execution hook templates |
Yes |
Yes |
Yes |
No |
Delete execution hook templates |
Yes |
Yes |
Yes |
No |
View workload summary and analytics dashboards |
Yes |
Yes |
Yes |
Yes |
View StorageGRID buckets and storage targets |
Yes |
Yes |
Yes |
Yes |