Roles
Roles provide different levels of access to different types of users within your organization. These roles range from a “Super Admin” who has full access to all operations within the Clumio UI, to a Reporting/Audit Admin that has view only access to the UI and can generate reports.
From the Roles tab, you can view details about the available roles, and see the number of users assigned to each role. To assign a role to a user, or to change a user’s role, go to the Users tab.
The available roles and their permissions are as follows. There must always be at least one user who is assigned the Super Admin role. For other roles, there is no minimum or maximum number of users that can be assigned.
- Super Admin: A user with the Super Admin role has full access to all operations within the UI, including organization-wide settings and granular record retrieval. The Super Admin cannot change their own role.
- Organizational Unit Admin: Within their assigned Organizational Unit, a user with the OU Admin role has full access to all operations within the UI, with the exception of organization-wide settings. They have full access to databases, and can perform granular record retrieval.
- Application Admin: A user with the Application Admin role has full access to all operations within the UI, with the exception of organization-wide settings. They have full access to databases, and can perform granular record retrieval.
- Backup Admin: A user with the Backup Admin role can create policies, manage data sources, and schedule backups. They can perform all restores, including file and email level restores, but cannot do granular record retrieval. They do not have access to organization-wide settings.
- Helpdesk Admin: A user with the Helpdesk Admin role has full access to API tokens, tasks, alerts, and audit logs. They have view access to policies, data sources, and reports. They can perform on-demand backups, and all restores, including file and email level restores, but cannot do granular record retrieval. They do not have access to organization-wide settings.
- Reporting/Audit Admin: A user with the Reporting/Audit Admin role has view access to dashboards, policies, data sources, alerts and audit logs. They can view and generate reports.
The following table shows the role permissions by task:
| Permissions | Reporting/Audit Admin | Helpdesk Admin | Backup Admin | Application Admin | Organizational Unit Admin | Super Admin |
|---|---|---|---|---|---|---|
| Policies: Create or edit | _ | _ | x | x | x | x |
| Policies:View | x | x | x | x | x | x |
| Data sources: Add, edit, delete | _ | _ | x | x | x | x |
| Data sources: View | x | x | x | x | x | x |
| Backups: Perform scheduled backups | _ | _ | x | x | x | x |
| Backups: Perform on-demand backups | _ | x | x | x | x | x |
| Restores: Perform full and granular restores | _ | x | x | x | x | x |
| Restores: Perform redirected granular restores* Only applies to EBS/EC2 data sources. | _ | x | x | x | x | x |
| Restores: Perform granular record retrieval* Only applies to RDS data sources. | _ | _ | _ | x | x | x |
| Reports:Generate and save reports | x | _ | x | x | x | x |
| Reports: Export reports | x | x | x | x | x | x |
| Organization-wide settings | _ | _ | _ | _ | x (within the assigned OU) | x |
x = has permission
– = no permission
*\ Does not apply to S3.
Assign a user role
You can assign a user role in two ways:
- For new users, choose a role when you invite them. See Invite a user for details.
- For existing users, go to Administration > Access Management > Users, and click the edit icon in the Assigned role and organizational unit column to change the assigned role. See Change a user role for details.
Updated 4 months ago