Create a Role
Roles define the actions that can be performed on the resources defined in a resource group. While a resource group defines the resources that will be made available to an account, a role sets the permissions to interact with the resources defined in the resource group. For example, if a resource group is created that includes IBM Spectrum Protect Plus Backup and Restore jobs, the role will determine how a user can interact with the jobs. Permissions can be set to allow a user to create, view, and run the Backup and Restore jobs defined in a resource group, but not delete them. Similarly, permissions can be set to create administrator accounts, allowing a user to create and edit other accounts, set up sites and resources, and interact with all of the available IBM Spectrum Protect Plus features.
Note that the functionality of a role is dependent on a properly configured resource group. When selecting a predefined role or configuring a custom role, you must ensure that access to necessary IBM Spectrum Protect Plus operations, screens, and resources aligns with the proposed usage of the role.
The following predefined roles are available.
Application Admin - The Application Admin role allows a user to register and modify application database resources delegated by an Administrator, as well as associate application databases to assigned SLA policies, perform backup and restore operations, and run and schedule reports delegated by an Administrator. Access to specific application servers must be granted by an Administrator through the
Backup Only - The Backup Only role allows a user to run, edit, and monitor existing backup operations, as well as view, create, and edit SLA Policies delegated by an Administrator. Access to resources, including specific backup jobs, must be granted by an Administrator through the
Restore Only - The Restore Only role allows a user to run, edit, and monitor existing restore operations, as well as create new restore jobs. Access to resources, including specific restore jobs, must be granted by an Administrator through the
Self Service - The Self Service role allows a user to monitor existing backup and restore operations delegated by an Administrator. Access to resources, including specific jobs, must be granted by an Administrator through the
SYSADMIN - The Administrator, or SYSADMIN role, provides access to all resources and privileges, which is comparable to the native administrator, or Super User role. No additional resource-specific privileges need to be granted for an Administrator. An Administrator can create new users, as well as edit, delete, and change the passwords of other users, with the exception of the Super User. An Administrator can also access the Administrative Console by selecting IBM Spectrum Protect Plus from the Authentication Type drop-down menu and entering their Administrator credentials. From the Administrative Console, the Administrator can apply software updates, restart the IBM Spectrum Protect Plus appliance, and set the local time zone.
VM Admin - The VM Admin role allows a user to register and modify hypervisor resources delegated by an Administrator, as well as associate hypervisors to assigned SLA policies, perform backup and restore operations, and run and schedule reports delegated by an Administrator. Access to resources available to a VM Admin must be granted by an Administrator through the
Note: If upgrading from a previous version of IBM Spectrum Protect Plus, permissions assigned to users in the previous version must be reassigned in IBM Spectrum Protect Plus 10.1.1.
Create a role:
- From the navigation menu, expand Accounts, then click Roles.
- Click Create Role. The Create Role pane displays.
- From the I would like to create a new role drop-down menu, select a creation method. Available options include New and From template.
  - New - Select permissions to apply to the role. By default, none of the permissions are pre-selected.
  - From template - Select an existing role from the Which role would you like to use as a template? drop-down menu. Permissions associated with the template role are selected. Select additional permissions to apply to the role.
- To view available permissions and their usage, see Permission Types.
- In the Name of the new role field, enter a name.
- Once complete, click Create Role. The role appears in the Roles table and can be applied to new and existing user accounts.
Next, create or import a user and apply a resource group and role to it. Accounts can be native to IBM Spectrum Protect Plus or can be imported as an LDAP group. See Create a User.
IBM Spectrum Protect Plus 10.1.2
Licensed Material - Property of IBM Corp. © IBM Corporation and other(s) 2018. IBM is a registered trademark of the IBM Corporation in the United States, other countries, or both. | 8/23/2018