Concepts
Pre-defined SnapCenter roles and permissions
Suggest changes
PDFs
SnapCenter ships with pre-defined roles, each with a set of permissions already enabled. When setting up and administering role-based access control (RBAC), you can either use these pre-defined roles or create new ones.
SnapCenter includes the following pre-defined roles:
-
SnapCenter Admin role
-
App Backup and Clone Admin role
-
Backup and Clone Viewer role
-
Infrastructure Admin role
When you add a user to a role, you must assign either the StorageConnection permission to enable storage virtual machine (SVM) communication, or assign an SVM to the user to enable permission to use the SVM. The Storage Connection permission enables users to create SVM connections.
For example, a user with the SnapCenter Admin role can create SVM connections and assign them to a user with the App Backup and Clone Admin role, which by default does not have permission to create or edit SVM connections. Without an SVM connection, users cannot complete any backup, clone, or restore operations.
SnapCenter Admin role
The SnapCenter Admin role has all permissions enabled. You cannot modify the permissions for this role. You can add users and groups to the role or remove them.
App Backup and Clone Admin role
The App Backup and Clone Admin role has the permissions required to perform administrative actions for application backups and clone-related tasks. This role does not have permissions for host management, provisioning, storage connection management, or remote installation.
| Permissions | Enabled | Create | Read | Update | Delete |
|---|---|---|---|---|---|
Resource Group |
Not applicable |
Yes |
Yes |
Yes |
Yes |
Policy |
Not applicable |
Yes |
Yes |
Yes |
Yes |
Backup |
Not applicable |
Yes |
Yes |
Yes |
Yes |
Host |
Not applicable |
Yes |
Yes |
Yes |
Yes |
Storage Connection |
Not applicable |
No |
Yes |
No |
No |
Clone |
Not applicable |
Yes |
Yes |
Yes |
Yes |
Provision |
Not applicable |
No |
Yes |
No |
No |
Dashboard |
Yes |
Not applicable |
Not applicable |
Not applicable |
Not applicable |
Reports |
Yes |
Not applicable |
Not applicable |
Not applicable |
Not applicable |
Restore |
Yes |
Not applicable |
Not applicable |
Not applicable |
Not applicable |
Resource |
Yes |
Yes |
Yes |
Yes |
Yes |
Plug-in Install/Uninstall |
No |
Not applicable |
Not applicable |
Not applicable |
|
Migration |
No |
Not applicable |
Not applicable |
Not applicable |
Not applicable |
Mount |
Yes |
Yes |
Not applicable |
Not applicable |
Not applicable |
Unmount |
Yes |
Yes |
Not applicable |
Not applicable |
Not applicable |
Full Volume Restore |
No |
No |
Not applicable |
Not applicable |
Not applicable |
Job Monitor |
Yes |
Not applicable |
Not applicable |
Not applicable |
Not applicable |
Backup and Clone Viewer role
The Backup and Clone Viewer role has read-only view of all permissions. This role also has permissions enabled for discovery, reporting, and access to the Dashboard.
| Permissions | Enabled | Create | Read | Update | Delete |
|---|---|---|---|---|---|
Resource Group |
Not applicable |
No |
Yes |
No |
No |
Policy |
Not applicable |
No |
Yes |
No |
No |
Backup |
Not applicable |
No |
Yes |
No |
No |
Host |
Not applicable |
No |
Yes |
No |
No |
Storage Connection |
Not applicable |
No |
Yes |
No |
No |
Clone |
Not applicable |
No |
Yes |
No |
No |
Provision |
Not applicable |
No |
Yes |
No |
No |
Dashboard |
Yes |
Not applicable |
Not applicable |
Not applicable |
Not applicable |
Reports |
Yes |
Not applicable |
Not applicable |
Not applicable |
Not applicable |
Restore |
No |
No |
Not applicable |
Not applicable |
Not applicable |
Resource |
No |
No |
Yes |
Yes |
No |
Plug-in Install/Uninstall |
No |
Not applicable |
Not applicable |
Not applicable |
Not applicable |
Migration |
No |
Not applicable |
Not applicable |
Not applicable |
Not applicable |
Mount |
Yes |
Not applicable |
Not applicable |
Not applicable |
Not applicable |
Unmount |
Yes |
Not applicable |
Not applicable |
Not applicable |
Not applicable |
Full Volume Restore |
No |
Not applicable |
Not applicable |
Not applicable |
Not applicable |
Job Monitor |
Yes |
Not applicable |
Not applicable |
Not applicable |
Not applicable |
Infrastructure Admin role
The Infrastructure Admin role has permissions enabled for host management, storage management, provisioning, resource groups, remote installation reports, and access to the Dashboard.
| Permissions | Enabled | Create | Read | Update | Delete |
|---|---|---|---|---|---|
Resource Group |
Not applicable |
Yes |
Yes |
Yes |
Yes |
Policy |
Not applicable |
No |
Yes |
Yes |
Yes |
Backup |
Not applicable |
Yes |
Yes |
Yes |
Yes |
Host |
Not applicable |
Yes |
Yes |
Yes |
Yes |
Storage Connection |
Not applicable |
Yes |
Yes |
Yes |
Yes |
Clone |
Not applicable |
No |
Yes |
No |
No |
Provision |
Not applicable |
Yes |
Yes |
Yes |
Yes |
Dashboard |
Yes |
Not applicable |
Not applicable |
Not applicable |
Not applicable |
Reports |
Yes |
Not applicable |
Not applicable |
Not applicable |
Not applicable |
Restore |
Yes |
Not applicable |
Not applicable |
Not applicable |
Not applicable |
Resource |
Yes |
Yes |
Yes |
Yes |
Yes |
Plug-in Install/Uninstall |
Yes |
Not applicable |
Not applicable |
Not applicable |
Not applicable |
Migration |
No |
Not applicable |
Not applicable |
Not applicable |
Not applicable |
Mount |
No |
Not applicable |
Not applicable |
Not applicable |
Not applicable |
Unmount |
No |
Not applicable |
Not applicable |
Not applicable |
Not applicable |
Full Volume Restore |
No |
No |
Not applicable |
Not applicable |
Not applicable |
Job Monitor |
Yes |
Not applicable |
Not applicable |
Not applicable |
Not applicable |