Pre-defined SnapCenter roles and permissions

Contributors netapp-soumikd netapp-asubhas Download PDF of this page

SnapCenter ships with pre-defined roles, each with a set of permissions already enabled. When setting up and administering role-based access control (RBAC), you can either use these pre-defined roles or create new ones.

SnapCenter includes the following pre-defined roles:

  • SnapCenter Admin role

  • App Backup and Clone Admin role

  • Backup and Clone Viewer role

  • Infrastructure Admin role

When you add a user to a role, you must assign either the StorageConnection permission to enable storage virtual machine (SVM) communication, or assign an SVM to the user to enable permission to use the SVM. The Storage Connection permission enables users to create SVM connections.

For example, a user with the SnapCenter Admin role can create SVM connections and assign them to a user with the App Backup and Clone Admin role, which by default does not have permission to create or edit SVM connections. Without an SVM connection, users cannot complete any backup, clone, or restore operations.

SnapCenter Admin role

The SnapCenter Admin role has all permissions enabled. You cannot modify the permissions for this role. You can add users and groups to the role or remove them.

App Backup and Clone Admin role

The App Backup and Clone Admin role has the permissions required to perform administrative actions for application backups and clone-related tasks. This role does not have permissions for host management, provisioning, storage connection management, or remote installation.

Permissions Enabled Create Read Update Delete

Resource Group

Not applicable

Yes

Yes

Yes

Yes

Policy

Not applicable

Yes

Yes

Yes

Yes

Backup

Not applicable

Yes

Yes

Yes

Yes

Host

Not applicable

Yes

Yes

Yes

Yes

Storage Connection

Not applicable

No

Yes

No

No

Clone

Not applicable

Yes

Yes

Yes

Yes

Provision

Not applicable

No

Yes

No

No

Dashboard

Yes

Not applicable

Not applicable

Not applicable

Not applicable

Reports

Yes

Not applicable

Not applicable

Not applicable

Not applicable

Restore

Yes

Not applicable

Not applicable

Not applicable

Not applicable

Resource

Yes

Yes

Yes

Yes

Yes

Plug-in Install/Uninstall

No

Not applicable

Not applicable

Not applicable

Migration

No

Not applicable

Not applicable

Not applicable

Not applicable

Mount

Yes

Yes

Not applicable

Not applicable

Not applicable

Unmount

Yes

Yes

Not applicable

Not applicable

Not applicable

Full Volume Restore

No

No

Not applicable

Not applicable

Not applicable

Job Monitor

Yes

Not applicable

Not applicable

Not applicable

Not applicable

Backup and Clone Viewer role

The Backup and Clone Viewer role has read-only view of all permissions. This role also has permissions enabled for discovery, reporting, and access to the Dashboard.

Permissions Enabled Create Read Update Delete

Resource Group

Not applicable

No

Yes

No

No

Policy

Not applicable

No

Yes

No

No

Backup

Not applicable

No

Yes

No

No

Host

Not applicable

No

Yes

No

No

Storage Connection

Not applicable

No

Yes

No

No

Clone

Not applicable

No

Yes

No

No

Provision

Not applicable

No

Yes

No

No

Dashboard

Yes

Not applicable

Not applicable

Not applicable

Not applicable

Reports

Yes

Not applicable

Not applicable

Not applicable

Not applicable

Restore

No

No

Not applicable

Not applicable

Not applicable

Resource

No

No

Yes

Yes

No

Plug-in Install/Uninstall

No

Not applicable

Not applicable

Not applicable

Not applicable

Migration

No

Not applicable

Not applicable

Not applicable

Not applicable

Mount

Yes

Not applicable

Not applicable

Not applicable

Not applicable

Unmount

Yes

Not applicable

Not applicable

Not applicable

Not applicable

Full Volume Restore

No

Not applicable

Not applicable

Not applicable

Not applicable

Job Monitor

Yes

Not applicable

Not applicable

Not applicable

Not applicable

Infrastructure Admin role

The Infrastructure Admin role has permissions enabled for host management, storage management, provisioning, resource groups, remote installation reports, and access to the Dashboard.

Permissions Enabled Create Read Update Delete

Resource Group

Not applicable

Yes

Yes

Yes

Yes

Policy

Not applicable

No

Yes

Yes

Yes

Backup

Not applicable

Yes

Yes

Yes

Yes

Host

Not applicable

Yes

Yes

Yes

Yes

Storage Connection

Not applicable

Yes

Yes

Yes

Yes

Clone

Not applicable

No

Yes

No

No

Provision

Not applicable

Yes

Yes

Yes

Yes

Dashboard

Yes

Not applicable

Not applicable

Not applicable

Not applicable

Reports

Yes

Not applicable

Not applicable

Not applicable

Not applicable

Restore

Yes

Not applicable

Not applicable

Not applicable

Not applicable

Resource

Yes

Yes

Yes

Yes

Yes

Plug-in Install/Uninstall

Yes

Not applicable

Not applicable

Not applicable

Not applicable

Migration

No

Not applicable

Not applicable

Not applicable

Not applicable

Mount

No

Not applicable

Not applicable

Not applicable

Not applicable

Unmount

No

Not applicable

Not applicable

Not applicable

Not applicable

Full Volume Restore

No

No

Not applicable

Not applicable

Not applicable

Job Monitor

Yes

Not applicable

Not applicable

Not applicable

Not applicable