User roles available for each service
One user can have several roles but only one role per service.
For each service, you can define which role will be assigned to a user.
Service | Role | Description |
---|---|---|
n/a | Company administrator |
This role grants full administrator rights for all services. This role grants access to the corporate allowlist. If the Disaster Recovery add-on to the Protection service is enabled for the company, this role also grants access to the disaster recovery functionality. |
Management Portal | Administrator |
This role grants access to the management portal where the administrator can manage users within the entire organization. |
Read-only administrator Partner level |
This role provides read-only access to all objects in the partner's management portal and the management portal of all this partner's customers. Such users can access data of other users of the organizations in the read-only mode. They are able to edit protection plans, but they cannot save any changes to scripting plans, monitoring plans, or agent plans. | |
Read-only administrator Customer level |
This role provides read-only access to all objects in the Management Portal of the entire company. Such users can access data of other users of the organization in read-only mode. | |
Read-only administrator Unit level |
This role provides read-only access to all objects in the management portal of the company unit and sub-units. Such users can access data of other users of the organization in the read-only mode. | |
Vendor Portal | Developer |
This role provides full access to the Vendor Portal. Developers can create and manage CyberApps, CyberApp Descriptions and CyberApp Versions. They can also submit deployment requests and monitor CyberApp metrics. |
User |
This role allows the user to create, manage, request approvals of CyberApp Descriptions. | |
Read-only user |
This role provides read-only access to the Vendor Portal. | |
Protection |
Cyber administrator |
In addition to the Administrator role rights, this role enables configuring and managing the Protection service, and approving actions in Cyber Scripting. The Cyber administrator role is only available for tenants with enabled Advanced Management pack. |
Administrator |
This role enables configuring and managing the Protection service for your customers. This role is required for configuring and managing the Disaster Recovery functionality and the corporate allowlist, and for autodiscovery of devices. |
|
Read-only administrator |
The role provides read-only access to all objects of the Protection service. Such users can access data of other users of the organization in the read-only mode. The read-only administrator cannot configure and manage the Disaster Recovery functionality or the corporate allowlist. |
|
User | This role enables using the Protection service but without administrative privileges. Access is provided to functionality such as Endpoint Detection and Response, but users assigned this role cannot access the data of other users in the organization. | |
Restore operator | The role provides access to backups of Microsoft 365 and Google Workspace organizations and allows their recovery, while restricting the access to sensitive content. | |
File Sync & Share | Administrator | This role enables configuring and managing File Sync & Share for your users. |
Cyber Infrastructure | Administrator | This role enables configuring and managing Cyber Infrastructure for your users. |
Advanced Automation | There are a number of roles that can be assigned to Advanced Automation users. |
|
Partner Portal | There are a number of roles that can be assigned to Partner portal users. For more information, see Partner portal roles. | |
Notary | Administrator | This role enables configuring and managing Notary for your users. |
User | This role enables using the Notary service but without administrative privileges. Such users cannot access data of other users of the organization. |
If you are a vendor looking to build an integration with Acronis and require access to the Vendor portal and a dedicated Sandbox, please follow the instructions.
Read-only administrator role
An account with this role has read-only access to the Cyber Protect console and can do the following:
-
Collect diagnostic data, such as system reports.
-
See the recovery points of a backup, but cannot drill down into the backup contents and cannot see files, folders, or emails.
A read-only administrator cannot do the following:
-
Start or stop any tasks.
For example, a read-only administrator cannot start a recovery or stop a running backup.
-
Access the file system on source or target machines.
For example, a read-only administrator cannot see files, folders, or emails on a backed-up machine.
-
Change any settings.
For example, a read-only administrator cannot create a protection plan or change any of its settings.
-
Create, update, or delete any data.
For example, a read-only administrator cannot delete backups.
All UI objects that are not accessible for a read-only administrator are hidden, except for the default settings of the protection plan. These settings are shown, but the Save button is not active.
Any changes related to the accounts and roles are shown on the Activities tab with the following details:
- What was changed
- Who did the changes
- Date and time of changes
Restore operator role
This role is available only in the Protection service and is limited to Microsoft 365 and Google Workspace backups.
A restore operator can do the following:
- View alerts and activities.
- Browse and refresh the list of backups.
- Browse backups without accessing their content. The Restore operator can see the names of the backed-up files and the subjects and senders of the backed-up emails.
- Search backups (full text search is not supported).
- Recover cloud-to-cloud backups to their original location within the original Microsoft 365 or Google Workspace organization.
A restore operator cannot do the following:
- Delete alerts.
- Add or delete Microsoft 365 or Google Workspace organizations.
- Add, delete, or rename backup locations.
- Delete or rename backups.
- Create, delete, or rename folders when recovering a backup to a custom location.
- Apply a backup plan or run a backup.
- Access backed-up files or the content of backed-up emails.
- Download backed-up files or email attachments.
- Send backed-up cloud resources, such as emails or calendar items, as email.
- View or recover Microsoft 365 Teams conversations.
- Recover cloud-to-cloud backups to non-original locations, such as a different mailbox, OneDrive, Google Drive, or Microsoft 365 Team.