Idea ID: 2752247

Role-Based Access Control (RBAC) in Data Protector

Status : Under Consideration
over 1 year ago

Brief description:

Data Protector should have Role-Based Access Control (RBAC) to provide a true multi-tenant configurations with one or multiple Cell Managers suitable for Managed Service Provider (MSP) and larger accounts with advanced security requirements.

Extend the current LDAP support and user management to:

  • Object ownership can be assigned to individual LDAP users and/or groups
  • Limit access to backup devices, clients and backups based on roles
  • Sensitive information such as encryption keys and passwords should be accessible only to the appropriate roles/tenants
  • Integrate with MoM to allow scaling above the limits of one Cell Manager


Integrate Data Protector security with an enterprise directory (e.g. Active Directory), define roles based on departments or a multi-tenant configuration supporting large amount of clients to share one Cell Manager and giving them access to their own data for management and self service restore.