Client Permissions

Client Computer Group

• Modify client computer group properties

• Set Activity Control from the client computer group level

• Delete client computer groups

  Note

  This operation requires additional permissions. For information, see the permission list in Client Computer Group.

• Add clients to or remove clients from a client computer group.

  Note

  This operation requires additional permissions. For information, see the permission list in Client Computer Group.

• Modify smart client computer group rules (automatic associations)

  Note

  This operation requires additional permissions. For information, see the permission list in Client Computer Group.

Client

• Set Activity Control from the client level.

• Define Operational Window rules from the client level.

• Modify and set the job priority for a client.

• Set Data Encryption at the client level.

• Deconfigure a client.

• Delete a client.

• Enable privacy.

• Create an Oracle RAC client.

• Create a DB2 MultiNode pseudo-client.

Agent

• Set Activity Control from the agent level.

• Modify and perform operations specific to an agent.

• Enable software compression for an agent.

• Set Data Encryption at the Subclient level.

• De-configure an agent.

• Define operation rules at the agent level.

• Configure a pre-process or post-process.

• Add a pre-process and post-process for data recovery operations.

• Remove a pre-process and post-process for data protection/archive operations.

• Configure, activate, and deactivate snapshots.

• Create a subclient policy with subclient association.

  Note

  • This operation also requires the View permission at the storage policy level.

  • Any user can create a subclient policy that does not have any subclient association.

• Create a Replication Set.

Backup Set

• Create a new on-demand backup set.

• Create, modify, and delete a backup set.

• Create and delete a subclient.

• Associate or disassociate a backup set to a subclient policy.

Subclient

• Modify a subclient.

• Enable global filters for a subclient.

• Create data protection filters for a subclient.

Instance/Partition

Create, modify, and delete an instance/partition.

Replication Set

• Modify and delete a Replication Set.

• Create, modify, and delete a Replication Pair.

Replication Pair

Delete a Replication Pair.

Client where the Workflow Engine is installed

Deploy a workflow.

Agent, Backup Set, Instance/Partition/Subclient

• Create and clone a Data Protection Schedule Policy.

  Note: This operation also requires the Create Schedule Policy permission at the CommCell level.

• Modify a Data Protection Schedule Policy.

  Note: This operation also requires the Edit Schedule Policy permission at the schedule policy level.

• Decouple a scheduled job from a schedule policy.

  Note: This operation also requires the Edit Schedule Policy permission at the schedule policy level.

• Run the schedules of a schedule policy immediately.

• Add, modify, disable, delete, and view data protection operation schedules.

• Add, modify, disable, delete, and view data recovery operation schedules.

  Note: The user who created the schedule can also view it without any permission or object association.

• Schedule Data Collection Jobs at Agent and Subclient level.

Replication Set

Schedule the creation and back up of a Recovery Point.

Storage Policy

Create and clone an auxiliary copy schedule policy.

Note: Additional permissions are required. For information, see the permission list in Auxiliary Copy Schedule Policy.

CommCell/Client group/Client/Agent/Backup Set

• Add/edit annotations to discovered files/emails.

• Add comments to items in review sets.

CommCell/Client group/Client/Agent/Backup Set/Instance/Partition/Subclient/Replication Set

• Perform a browse operation at the appropriate levels.

• View the list of media required for browse/data recovery operations.

• Search CommCell domain for data related to any user on the associated object.

• View backup job history/backup data.

• Delete backed up data and archived data.

  Note

  You need to be assigned permission to delete backup data and archive data from the Web Console.

CommCell/Client group/Client/Agent/Backup Set

Access the Compliance Search page to search email messages or files related to any user on the associated entity.

Entities associated with a schedule policy

Add entities to or remove entities from a Data Protection schedule policy.

Backup set

Run on demand data protection jobs.

Agent

• Remove a pre-process and post-process for data protection/archive operations.

• Run/Schedule Data Collection Jobs.

Backup Set, Instance/Partition, Subclient

• Configure and perform archive operations.

• Configure and perform the following data protection operations:

  • Backups including synthetic full backups

  • Archives

  • Migrations

  Note: The associated object is the object from which the data protection operation is being initiated.

Agent, Backup Set, Instance/Partition/Subclient

• Add, modify, disable, delete, and view data protection operation schedules.

  Note: The user who created the schedule can also view it without any permission or object association.

• Run/Schedule Data Collection Jobs.

  If this task/operation is performed at the level for which the schedules were created:

• Create, clone, and modify a Data Protection Schedule Policy.

• Decouple a scheduled job from a schedule policy.

  Note: This operation also requires the Edit Schedule Policy permission at the schedule policy level.

• Run the schedules of a schedule policy immediately.

  Note: Only a user who created the schedule policy or a user who is associated with all of the objects associated with the schedule policy can change the schedule pattern.

Replication Set

• Create Recovery Point.

• Back up Recovery Point.

Client, Subclient

Backup copy:

• Copy the snapshots of the data to any media.

• Create additional standby copies of data.

  Note: The backup copy operations also require the Storage Policy Management permission at the storage policy level.

Storage Policy

Create and clone an auxiliary copy schedule policy.

Note: Additional permissions are required. For information, see the permission list in Auxiliary Copy Schedule Policy.

CommCell/Client Computer Groups/Client

Download one or more files and folders from the Web Console to a specific location on the local machine.

CommCell/Client Computer Groups/Client

Download previous versions of files during a Salesforce metadata comparison.

Web Server Client

• View Download Center in the Web Console.

• View and download packages in the Download Center.

• Publish reports to the Download Center.

• Upload packages to Download Center.

• Edit package information.

• Delete packages from Download Center.

CommCell/Client group/Client/Agent/Backup Set

• Search CommCell domain for data related to the logged in user with permissions to the user on the associated object.

• Perform Browse, Restore, and Delete Data operations with the Windows File System (ACLs based).

• UNIX File System: Perform restores by impersonating users. For more information, see Restores Using End-User Permission.

Client/Agent (virtualization only)

Recover full virtual machines to their original location. The user performing the restore must own the virtual machines being recovered.

Client/Agent/Backup Set/Instance/Partition/Replication Set

Note for File System Agents: To overwrite files during a restore to the same location for a client or an agent, the Overwrite on Restore permission is required.

• Restore Data Using a Map File and Restore by Jobs procedures

  • If data is being recovered to the same destination as the original data protection operation

  • If data is being recovered to a different destination than the original data protection operation

• Browse and recover to the same place as the original data protection operation. These operations include:

  • Copyback

  • Restore

  • Recovery

  • Retrieve

• Virtual machine recovery:

  • Recover guest files and folders to their original location.

  • Attach virtual machine disks of a backed up virtual machine (source virtual machine) to an existing virtual machine (target virtual machine).

  • To recover full virtual machines to their original location, use the In Place Full Machine Recovery permission.

• Add pre-processes and post-processes for data recovery operations.

Add, modify, disable, delete, and view data recovery operation schedules.

Note: The user who created the schedule can also view it without any permission or object association.

• Automatic and manual mount point creation for snapshots that comprise a Recovery Point for ContinuousDataReplicator.

• Search CommCell domain for data related to any user on the associated object.

Client

Install software (on existing clients). Note: This operation requires this permission only when the Authentication for Agent Installs feature is enabled.

• View Download Center in the Web Console.

• Publish reports to Download Center.

• View and download packages in the Download Center.

Install an agent on the client in the CommCell. Note: This operation requires this permission only when the Authentication for Agent Installs feature is enabled.

Install or uninstall software using the CommCell Console. Note: This operation requires this permission only when the Authentication for Agent Installs feature is enabled.

CommCell/Client group/Client/Agent/Backup Set

• Create and Modify Legal Hold.

• Add search items to Legal Hold.

• Retrieve data from Legal Hold.

CommCell/Client group/Client

User can browse backed up data and live (not backed up) data on the client computer. User can also browse data on network share location. This feature is available in the Web Console.

Client/Agent (virtualization only)

Recover full virtual machines to a location other than the original location. The user performing the restore must own the virtual machines being recovered.

Backup Set, Replication Set, or Instance/Partition at the source client

and

Browse and In Place Recovery permission at the agent level of the destination client.

If the destination client is on a different platform than the source client (for example, a Unix File System client and a Windows File System client), then Browse and In Place Recovery with at least client level association at the destination client is needed.

• Restore Data Using a Map File and Restore by Jobs

  • Source Client

• Browse and recover to a different place than the original data protection operation. These operations include:

  • Copyback

  • Restore

  • Recovery

  • Retrieve

    • Virtual machine recovery:

      • Recover guest files and folders to a different destination client.

      • Attach virtual machine disks of a backed up virtual machine (source virtual machine) to an existing virtual machine (target virtual machine).

      • To recover full virtual machines to a location other than the original location, use the Out of Place Full Machine Recovery permission.

• Add pre-processes and post-processes for data recovery operations.

Add, modify, disable, delete, and view data recovery operation schedules.

Note: The user who created the schedule can also view it without any permission or object association.

• Automatic and manual mount point creation for snapshots that comprise a Recovery Point for ContinuousDataReplicator.

• Search CommCell domain for data related to any user on the associated object.

Client/Agent

File system agents: Overwrite files during a restore to the same location.

Note: This operation also requires the In Place Recover permission.

Client

Created and managed by the system to enable the sharing framework for Compliance Search and End-User Search.

Subclient

Run subclient pre-process commands and post-process commands using a local system account.

Subclient

Run subclient pre-process commands and post-process commands using an impersonated user.

Any entity

User can share files and folders with other users from the Web Console.

CommCell/Client group/Client/Agent/Backup Set

• Create/Modify/Delete tags.

• Associate tags with items. Dissociate tags from items.

CommCell/Client group/Client

Upload one or more files and folders to a specific location in the client computer from the Web Console.

CommCell

• Configure remote access between Windows clients.

• Update the client computer or client computer group VPN Config tab.