Roles provide different levels of access to different types of users within your organization. These roles range from a “Super Admin” who has full access to all operations within the Clumio UI, to a Reporting/Audit Admin that has view only access to the UI and can generate reports.
From the Roles tab, you can view details about the available roles, and see the number of users assigned to each role. To assign a role to a user, or to change a user’s role, go to the Users tab.
The available roles and their permissions are as follows. There must always be at least one user who is assigned the Super Admin role. For other roles, there is no minimum or maximum number of users that can be assigned.
-
Super Admin: A user with the Super Admin role has full access to all operations within the UI, including organization-wide settings and granular record retrieval. The Super Admin cannot change their own role.
-
Organizational Unit Admin: Within their assigned Organizational Unit, a user with the OU Admin role has full access to all operations within the UI, with the exception of organization-wide settings. They have full access to databases, and can perform granular record retrieval.
-
Application Admin: A user with the Application Admin role has full access to all operations within the UI, with the exception of organization-wide settings. They have full access to databases, and can perform granular record retrieval.
-
Backup Admin: A user with the Backup Admin role can create policies, manage data sources, and schedule backups. They can perform all restores, including file and email level restores, but cannot do granular record retrieval. They do not have access to organization-wide settings.
-
Helpdesk Admin: A user with the Helpdesk Admin role has full access to API tokens, tasks, alerts, and audit logs. They have view access to policies, data sources, and reports. They can perform on-demand backups, and all restores, including file and email level restores, but cannot do granular record retrieval. They do not have access to organization-wide settings.
-
Reporting/Audit Admin: A user with the Reporting/Audit Admin role has view access to dashboards, policies, data sources, alerts and audit logs. They can view and generate reports.
The following table shows the role permissions by task:
| Permissions/Role | Super Admin | OU Admin | Backup Admin | Application Admin | Helpdesk Admin | Reporting/Audit Admin |
|---|---|---|---|---|---|---|
| Policy Management | Yes | Yes | Yes | Partial | Partial | Partial |
| Data Source Management | Yes | Yes | Yes | Partial | Partial | Partial |
| Perform Backup (Scheduled or On-demand) | Yes | Yes | Yes | Partial | Partial | No |
| Regular Restore | Yes | Yes | Yes | Yes | Yes | No |
| Redirected Granular Restore (things like GRR & content download) | Yes | Yes | Partial | Yes | Partial | No |
| Dashboards & Reports | Yes | Yes | Yes | Yes | Partial | Yes |
| Consumption Reports | Yes | Yes | No | No | No | Yes |
| Account Status (Tasks, Alerts and Audit Logs) | Yes | Yes | Yes | Yes | Yes | Partial |
| Access Management (User mgmt, OU, Role assignment) | Yes | Yes | No | No | No | No |
| Security Settings (SSO/MFA, IP Allow, Password expiry, KMS) | Yes | No | No | No | No | No |
| Role Management (Operations on custom roles) | Yes | No | No | No | No | No |
Assign a user role
You can assign a user role in the following ways:
-
For new users, choose a role when you invite them. See Users.
-
For existing users, go to Administration > Access Management > Users, and then click the modify icon in the Assigned role and organizational unit column to change the assigned role. See Users.
Custom roles
In addition to the predefined roles described above, you can create custom roles to define access based on your organization’s requirements. Custom roles allow you to assign specific permissions across different areas of the UI.
Custom roles are useful when predefined roles do not fully match the responsibilities of a user or team.
To learn more about creating and managing custom roles, see Custom Roles.