You will need to have:
- A Protector account with Default Administrator ACP authority. You will already have a <Username>@Master login with this authority if you installed Protector on the Master node. If you do not have an account with this authority then you will need to request one from your Protector administrator.
- Knowledge of users and user groups who require access to Protector and their data protection roles and responsibilities.
- The details of any authentication services that you intend to use to authenticate Protector users (e.g. Active Directory, LDAP, RADIUS etc.)
Refer to Access Control Concepts and Access Control UI Reference for further information.
Protector implements RBAC to control what actions users can perform on which resources. The RBAC implementation is extremely flexible and can be configured to be as open or restrictive as an organization demands.
This procedure will allow you to get up and running quickly, however to fully utilize RBAC's features you will need to setup a more advanced RBAC implementation. Refer to How to configure advanced role based access control for details on how to do this.
Protector includes the following built-in access control objects:
- The 'default' Resource Group that all Protector nodes are a member of by default.
- The Roles:
- Protector Admin that can perform all activities.
- Protector Security Manager that can perform all access control activities.
- Protector Operator that can view all resources and perform restore activities.
- The Access Control Profile:
- Default Administrator that can perform all activities on all (default) resources.
- The 'Master' Authentication Space that represents the local authentication service on the Master node's OS.
- The following Access Control Profile Association (depending on the UserName of the account on the Master node specified when Protector was installed):
- <UserName>@Master that represents a user that has Default Administrator privileges.
This topic explains how to implement a basic RBAC policy: