User roles available for each service

One user can have several roles but only one role per service.

For each service, you can define which role will be assigned to a user.

The services that are available to you are configured by your service provider.
Service Role Description
n/a Company administrator

This role grants full administrator rights for all services.

This role grants access to the corporate allowlist. If the Disaster Recovery add-on to the Protection service is enabled for the company, this role also grants access to the disaster recovery functionality.
Management Portal Administrator

This role grants access to the management portal where the administrator can manage users within the entire organization.

Read-only administrator

Partner level

 This role provides read-only access to all objects in the partner's management portal and the management portal of all this partner's customers. Such users can access data of other users of the organizations in the read-only mode. They are able to edit protection plans, but they cannot save any changes to scripting plans, monitoring plans, or agent plans.

Read-only administrator

Customer level

 This role provides read-only access to all objects in the Management Portal of the entire company. Such users can access data of other users of the organization in read-only mode.

Read-only administrator

Unit level

 This role provides read-only access to all objects in the management portal of the company unit and sub-units. Such users can access data of other users of the organization in the read-only mode.
Vendor Portal Developer

This role provides full access to the Vendor Portal. Developers can create and manage CyberApps, CyberApp Descriptions and CyberApp Versions. They can also submit deployment requests and monitor CyberApp metrics.

User

 This role allows the user to create, manage, request approvals of CyberApp Descriptions.

Read-only user

 This role provides read-only access to the Vendor Portal.

Protection

 Cyber administrator

In addition to the Administrator role rights, this role enables configuring and managing the Protection service, and approving actions in Cyber Scripting.

The Cyber administrator role is only available for tenants with enabled Advanced Management pack.

Administrator

This role enables configuring and managing the Protection service for your customers.

This role is required for configuring and managing the Disaster Recovery functionality and the corporate allowlist, and for autodiscovery of devices.
Read-only administrator

The role provides read-only access to all objects of the Protection service. Such users can access data of other users of the organization in the read-only mode.

The read-only administrator cannot configure and manage the Disaster Recovery functionality or the corporate allowlist.

User This role enables using the Protection service but without administrative privileges. Access is provided to functionality such as Endpoint Detection and Response, but users assigned this role cannot access the data of other users in the organization.
Restore operator The role provides access to backups of Microsoft 365 and Google Workspace organizations and allows their recovery, while restricting the access to sensitive content.
File Sync & Share Administrator This role enables configuring and managing File Sync & Share for your users.
Cyber Infrastructure Administrator This role enables configuring and managing Cyber Infrastructure for your users.
Advanced Automation There are a number of roles that can be assigned to Advanced Automation users. For more information, see Advanced Automation roles.
Partner Portal There are a number of roles that can be assigned to Partner portal users. For more information, see Partner portal roles.
Notary Administrator This role enables configuring and managing Notary for your users.
User This role enables using the Notary service but without administrative privileges. Such users cannot access data of other users of the organization.
The Vendor portal is available exclusively to technology partners who registered on the Acronis Technology Ecosystem website after October 04, 2023.
If you are a vendor looking to build an integration with Acronis and require access to the Vendor portal and a dedicated Sandbox, please follow the instructions.

Read-only administrator role

An account with this role has read-only access to the Cyber Protect console and can do the following:

  • Collect diagnostic data, such as system reports.

  • See the recovery points of a backup, but cannot drill down into the backup contents and cannot see files, folders, or emails.

A read-only administrator cannot do the following:

  • Start or stop any tasks.

    For example, a read-only administrator cannot start a recovery or stop a running backup.

  • Access the file system on source or target machines.

    For example, a read-only administrator cannot see files, folders, or emails on a backed-up machine.

  • Change any settings.

    For example, a read-only administrator cannot create a protection plan or change any of its settings.

  • Create, update, or delete any data.

    For example, a read-only administrator cannot delete backups.

All UI objects that are not accessible for a read-only administrator are hidden, except for the default settings of the protection plan. These settings are shown, but the Save button is not active.

Any changes related to the accounts and roles are shown on the Activities tab with the following details:

  • What was changed
  • Who did the changes
  • Date and time of changes

Restore operator role

This role is available only in the Protection service and is limited to Microsoft 365 and Google Workspace backups.

A restore operator can do the following:

  • View alerts and activities.
  • Browse and refresh the list of backups.
  • Browse backups without accessing their content. The Restore operator can see the names of the backed-up files and the subjects and senders of the backed-up emails.
  • Search backups (full text search is not supported).
  • Recover cloud-to-cloud backups to their original location within the original Microsoft 365 or Google Workspace organization.

A restore operator cannot do the following:

  • Delete alerts.
  • Add or delete Microsoft 365 or Google Workspace organizations.
  • Add, delete, or rename backup locations.
  • Delete or rename backups.
  • Create, delete, or rename folders when recovering a backup to a custom location.
  • Apply a backup plan or run a backup.
  • Access backed-up files or the content of backed-up emails.
  • Download backed-up files or email attachments.
  • Send backed-up cloud resources, such as emails or calendar items, as email.
  • View or recover Microsoft 365 Teams conversations.
  • Recover cloud-to-cloud backups to non-original locations, such as a different mailbox, OneDrive, Google Drive, or Microsoft 365 Team.