Data Protector should have Role-Based Access Control (RBAC) to provide true multi-tenant configurations with one or multiple Cell Managers, suitable for Managed Service Providers (MSPs) and larger accounts with advanced security requirements.
Extend the current LDAP support and user management to:
- Assign object ownership to individual LDAP users and/or groups
- Limit access to backup devices, clients and backups based on roles
- Make sensitive information such as encryption keys and passwords accessible only to the appropriate roles/tenants
- Integrate with MoM to allow scaling above the limits of one Cell Manager
Integrate Data Protector security with an enterprise directory (e.g. Active Directory), and define roles based on departments or on a multi-tenant configuration that lets a large number of clients share one Cell Manager while giving each of them access to their own data for management and self-service restore.