> Clumio user guide > Administer > Access management > Roles

Custom Roles

Custom roles allow you to define role-based access that aligns with your organization’s operational, security, and compliance requirements. Instead of relying solely on predefined roles, you can create roles with a tailored set of permissions.

Custom roles are useful when you need more granular control over access, such as providing view-only access to specific resources or enabling backup and restore operations without granting access to organization-wide settings.

Roles page

From Settings > Access Management > Roles, you can perform the following tasks:

  • View both built-in and custom roles.

  • Create new custom roles.

  • Modify permissions for existing custom roles.

  • Delete custom roles that are not currently assigned.

  • View the number of users assigned to each role.

Important notes

  • Built-in roles (such as Super Admin) are system-defined and cannot be modified.

  • You must ensure that at least one user is always assigned the Super Admin role.

  • Users are granted only the permissions included in their assigned role.

  • Changes to a role's permissions are applied to all users assigned to that role.

Permission categories

Permission category Access level What it allows
Policy management Full access Create, edit, activate/deactivate, and view policies.
Policy management Partial access View existing policies, policy summaries/rules, and related policy tasks.
Datasource management Full access View, add, update, and remove data sources and related connection/protection‑group configuration.
Datasource management Partial access View‑only access to data sources, connections, inventory, and protection status.
Backup management Full access Perform scheduled and on‑demand backups, and manage backup policy rule assignments.
Backup management Partial access Perform on‑demand backups and view backup details.
Regular restore Full access Perform standard restore operations (full restores and supported non‑record‑level restores).
Granular restore Full access Download content and perform granular/record‑level retrieval (where supported).
Granular restore Partial access Download content and use granular restore views, but cannot perform granular record retrieval actions.
Reports dashboard Full access Create and manage report/dashboard configurations and export reports.
Reports dashboard Partial access View dashboards/report data and export existing reports; cannot create report configurations.
User admin Full access Manage users, roles assignment, and organizational unit membership.
Special admin Full access Access and manage Tasks, Alerts, and Audit Logs (including alert/task updates).
Special admin Partial access Access Tasks, Alerts, and Audit Logs with limited alert/task actions (for example, no alert clear/update).
Security settings Full access Manage organization‑wide security settings (for example, MFA/SSO and related controls).
Reports consumption Full access Generate and manage consumption/usage reports, including report downloads.

Create a custom role

  1. Navigate to Settings > Access Management > Roles.
  2. Click Add new role.
  3. Enter a role name and optional description.
  4. Select the required permission categories.
  5. Click Save.

Edit a custom role

  1. Navigate to Settings > Access Management > Roles.
  2. Find the custom role and click the Edit icon in the Actions column.
  3. Update the role name, description, or permissions.
  4. Click Save.

Assign a custom role

To assign a custom role to a user:

  1. Navigate to Settings > Access Management > Users.
  2. Locate the user and click the edit icon in the Assigned role column.
  3. Select the desired custom role.
  4. Click Save.

Delete a custom role

  1. Navigate to Settings > Access Management > Roles.
  2. Locate the role and click the Delete icon in the Actions column.
  3. Confirm the deletion.

Note

A custom role cannot be deleted while it is assigned to one or more users.

Best practices

  • Follow the principle of least privilege by granting only the permissions required.

  • Separate backup and restore responsibilities where required for compliance.

  • Use view-only roles for audit and reporting purposes.

  • Periodically review custom roles and remove unnecessary permissions.

×

Loading...