Source:User Roles and Permissions: Difference between revisions

From SEPsesam
(Updating, in progress.)
mNo edit summary
Line 43: Line 43:
=={{anchor|UI_options}}Available interface options according to user type==
=={{anchor|UI_options}}Available interface options according to user type==


The operations and options available after login may differ depending on the user type. The following table shows which GUI and Web UI options are available depending on the user type. Note that almost all options are available in both interfaces, but may appear under a different name in the GUI and Web UI. For example, ''Logging'' in the GUI is called ''System Logs'' in the Web UI. For details on GUI and Web UI elements, see [[Special:MyLanguage/4_4_3_Beefalo:SEP_sesam_GUI|SEP sesam GUI]] and [[Special:MyLanguage/5_0_0:SEP_sesam_Web_UI|SEP sesam Web UI]].
The operations and options available after login may differ depending on the user type. The following table shows which GUI and Web UI options are available depending on the user type. Note that almost all options are available in both interfaces, but may appear under a different name in the GUI and Web UI. For example, the ''Logging'' option in the GUI is called ''System Logs'' in the Web UI. For details on GUI and Web UI elements, see [[Special:MyLanguage/4_4_3_Beefalo:SEP_sesam_GUI|SEP sesam GUI]] and [[Special:MyLanguage/5_0_0:SEP_sesam_Web_UI|SEP sesam Web UI]].


{{Note|Further restrictions of the GUI and Web UI display might depend on the custom roles with specific permissions and the  [[Special:MyLanguage/SEP_sesam_Glossary#UI_mode|UI mode]]. For the ''backup'', ''restore'' and ''operator'' users the UI mode is set to ''Advanced'' automatically and cannot be changed by these users (only ''superuser'' or ''admin'' can change it). For more details, see [[Special:MyLanguage/4_4_3_Beefalo:SEP_sesam_GUI#UI_mode|Selecting UI mode in the GUI]] and [[Special:MyLanguage/5_0_0:SEP_sesam_Web_UI#account|UI mode in the Web UI]].}}
{{Note|Further restrictions of the GUI and Web UI display might depend on the custom roles with specific permissions and the  [[Special:MyLanguage/SEP_sesam_Glossary#UI_mode|UI mode]]. For the ''backup'', ''restore'' and ''operator'' users the UI mode is set to ''Advanced'' automatically and cannot be changed by these users (only ''superuser'' or ''admin'' can change it). For more details, see [[Special:MyLanguage/4_4_3_Beefalo:SEP_sesam_GUI#UI_mode|Selecting UI mode in the GUI]] and [[Special:MyLanguage/5_0_0:SEP_sesam_Web_UI#account|UI mode in the Web UI]].}}

Revision as of 10:42, 18 October 2021

Template:Copyright SEP AG en

Draft.png WORK IN PROGRESS
This article is in the initial stage and may be updated, replaced or deleted at any time. It is inappropriate to use this document as reference material as it is a work in progress and should be treated as such.


Docs latest icon.png Welcome to the latest SEP sesam documentation version 5.0.0 Jaglion. For previous documentation version(s), check Documentation archive.


Overview

After activating authentication and configuring the users, you can grant or restrict access to SEP sesam Server, a specific resource or operation within the SEP sesam Server by selecting the appropriate user type (superuser, admin, backup, operator or restore) when adding users to groups.

Each user type represents a specific role in the SEP sesam with attached permissions (e.g. superuser has full control over SEP sesam) and these roles can be assigned to groups automatically based on external configuration or when configuring authentication.

In addition to user roles, there are several user permissions that you can set (attach to a role) to control access to specific resources or operations.

User types

User roles, based on the selected user type, are an access control mechanism for applying fine-grained control over access to the system and its options. The user type can be specified when configuring authentication and adding users to the groups. For details, see About Authentication and Authorization. Users can connect to SEP sesam Server only if they are granted appropriate permissions. Their user rights and also displayed GUI components depend on the user type. The user type can be specified when configuring authentication. For details, see About Authentication and Authorization.

User types

As of. SEP sesam version 5.0.0 Jaglion, the authentication and authorization is enhanced with two new user types – superuser, which replaces the previous Admin role, and backup user. (In previous SEP sesam versions the available user types were admin, operator and restore.) SEP sesam currently provides 5 user types. The following list shows the available user types and their corresponding rights.

  • Superuser (≥ Jaglion): The only user type with full control over the SEP sesam environment (previously Admin). This user type with superuser rights is automatically assigned to the Administrator and sesam users.
  • Administrator: Administrators can administer the SEP sesam system and access the GUI objects (except permission management) if not restricted by ACLs.
  • Operator: Operators can monitor the whole environment.
  • Backup (≥ Jaglion): Backup users can access the GUI objects granted by ACLs. They are allowed to start backups.
  • Restore: Restore users can access the GUI objects granted by ACLs. They are allowed to start restores.

Furthermore, different permissions can be assigned to users. This means that besides default permissions based on the selected user type, a superuser can also set custom user roles by configuring (ACLs). For example, by assigning the Restore user permission to a specific backup task, that user can start the task-related backup.

User permissions

To grant or restrict user access to specific objects, options, etc., you can set the following permissions:

  • Permissions based on user type: Access to SEP sesam Server, a specific resource, operation, and displayed GUI options depend on the selected user type. You can check which GUI options are available depending on the selected user type in the below table.
  • Access Control Lists (ACLs): ACL specifies which users or groups are granted access to specific objects (client, location, backup, etc.). Only users with superuser rights can configure ACLs. For details, see Using Access Control Lists

Available interface options according to user type

The operations and options available after login may differ depending on the user type. The following table shows which GUI and Web UI options are available depending on the user type. Note that almost all options are available in both interfaces, but may appear under a different name in the GUI and Web UI. For example, the Logging option in the GUI is called System Logs in the Web UI. For details on GUI and Web UI elements, see SEP sesam GUI and SEP sesam Web UI.

Information sign.png Note
Further restrictions of the GUI and Web UI display might depend on the custom roles with specific permissions and the UI mode. For the backup, restore and operator users the UI mode is set to Advanced automatically and cannot be changed by these users (only superuser or admin can change it). For more details, see Selecting UI mode in the GUI and UI mode in the Web UI.
GUI/Web UI option Superuser Adminstrator Backup Restore Operator
Import/Export DB YesY NoN NoN NoN NoN
Dashboard YesY YesY YesY NoN YesY
Restore Assistant YesY YesY YesY YesY NoN
Restore Wizard YesY YesY YesY YesY NoN
Immediate start: Backup YesY YesY YesY NoN NoN
Immediate start: Restore YesY YesY YesY YesY NoN
Immediate start: Migration, Replication, Media Action and Command YesY YesY NoN NoN NoN
Restart backups YesY YesY YesY NoN NoN
Restart migrations YesY YesY NoN NoN NoN
Cancel current running activities YesY YesY YesY NoN NoN
UI mode YesY YesY NoN NoN NoN
Defaults: Install/Update YesY YesY NoN NoN NoN
Defaults: Retention Periods YesY YesY NoN NoN NoN
Defaults: General (Help) YesY YesY NoN NoN NoN
Defaults: Permissions and Settings tabs YesY NoN NoN NoN NoN
Defaults: Extras (Log Download) YesY YesY NoN NoN NoN
Defaults: Extras (Task Name Template) YesY NoN NoN NoN NoN
Configuration: Permission Management YesY NoN NoN NoN NoN
Configuration: Media type, Command, Email Settings, Interfaces and UI Manager Defaults YesY YesY NoN NoN NoN
Current messages and performance YesY YesY NoN NoN NoN
Help: Email, License info, SEP Remote Support and Subscribe to RSS Feeds YesY YesY NoN NoN NoN
Notification Center YesY YesY NoN NoN NoN
Calendar Sheet YesY YesY YesY NoN NoN
Components (Topology, Clients, Data stores Loaders, Drives, Media pools and Media) YesY YesY NoN NoN NoN
Tasks by Clients YesY YesY YesY NoN NoN
Follow-up Events YesY YesY NoN NoN NoN
Tasks by Groups YesY YesY YesY NoN NoN
Backup Plans YesY YesY YesY NoN NoN
Migration Tasks YesY NoN NoN NoN NoN
Replication Tasks YesY NoN NoN NoN NoN
Tasks as List YesY YesY YesY NoN NoN
All Results by State YesY YesY NoN NoN YesY
Migrations and Replications by State YesY YesY NoN NoN YesY
Media Actions by State YesY YesY NoN NoN YesY
Monitoring Processes YesY YesY NoN NoN YesY
Monitoring Drives YesY YesY NoN NoN YesY
Logging YesY YesY NoN NoN YesY
Web UI: Next events YesY YesY YesY NoN NoN
Web UI: Reports YesY YesY NoN NoN YesY