5 1 0:User Roles and Permissions


Welcome to the latest SEP sesam documentation version 5.1.0 Apollon. For previous documentation version(s), check documentation archive.


Overview


After activating authentication and configuring the users, you can grant or restrict access to SEP sesam Server, a specific resource, or an operation within SEP sesam Server by selecting the appropriate user type (superuser, admin, backup, operator or restore) when adding users to groups.

Each user type represents a specific role in SEP sesam with attached permissions (e.g. superuser has full control over SEP sesam) and these roles can be assigned to groups automatically, based on external configuration or when configuring authentication.

In addition to user roles, there are various user permissions that you can set (attach to a role) to control access to specific resources or operations.

User types

User roles, based on the selected user type, are an access control mechanism for applying fine-grained control over access to the system and its options. The user type can be specified when configuring authentication and adding users to groups. For details, see About Authentication and Authorization. SEP sesam currently provides 5 user types. The following list shows the available user types and their corresponding rights.

  • Superuser (≥ Jaglion): The only user type with full control over the SEP sesam environment (previously Admin). This user type with superuser rights is automatically assigned to the Administrator and sesam users.
  • Administrator: Administrators can administer the SEP sesam system and access the GUI objects (except permission management) if not restricted by ACLs.
  • Operator: Operators can monitor the whole environment.
  • Backup (≥ Jaglion): Backup users can access the GUI objects granted by ACLs. They are allowed to start backups.
  • Restore: Restore users can access the GUI objects granted by ACLs. They are allowed to start restores.In addition, users can be assigned different permissions. This means that besides default permissions based on the selected user type, a superuser can also set custom user roles by configuring ACLs. For example, if you assign the Restore user permission to a specific backup task, that user can start the task-related backup.

User permissions

To grant or restrict user access to certain objects, options, etc., you can set the following permissions:

  • Permissions based on user type: Access to SEP sesam Server, a specific resource, an operation, and the GUI and Web UI options displayed depend on the user type you select. You can check which GUI/Web UI options are available depending on the selected user type in the below table.
  • Access Control Lists (ACLs): The ACL determines which users or groups are granted access to specific objects (client, location, backup, etc.). Only users with superuser rights can configure ACLs. For details, see Using Access Control Lists

Available interface options according to user type

The operations and options available after login may differ depending on the user type. The following table shows which GUI and Web UI options are available depending on the user type. Note that almost all options are available in both interfaces, but may appear under a different name in the GUI and Web UI. For example, the Logging option in the GUI is called System Logs in the Web UI. For details on GUI and Web UI elements, see SEP sesam GUI and SEP sesam Web UI.

  Note
Further restrictions of the GUI and Web UI display might depend on the custom roles with specific permissions and the UI mode. For the backup, restore and operator users the UI mode is set to Advanced automatically and cannot be changed by these users (only superuser or admin can change it). For more details, see Selecting UI mode in the GUI and UI mode in the Web UI.
GUI/Web UI option Superuser Adminstrator Backup Restore Operator
Import/Export DB  Y  N  N  N  N
Dashboard (Web UI)  Y  Y  Y  N  Y
Restore Assistant  Y  Y  Y  Y  N
Restore Wizard  Y  Y  Y  Y  N
Immediate start: Backup  Y  Y  Y  N  N
Immediate start: Restore  Y  Y  N  Y  N
Immediate start: Migration, Replication, Media Action and Command  Y  Y  N  N  N
Restart backups  Y  Y  Y  N  N
Restart migrations  Y  Y  N  N  N
Cancel current running activities  Y  Y  Y  N  N
UI mode  Y  Y  N  N  N
Defaults: Install/Update  Y  Y  N  N  N
Defaults: Retention Periods  Y  Y  N  N  N
Defaults: General (Help)  Y  Y  N  N  N
Defaults: Permissions and Settings tabs  Y  N  N  N  N
Defaults: Extras (Log Download)  Y  Y  N  N  N
Defaults: Extras (Task Name Template)  Y  N  N  N  N
Configuration: Permission Management  Y  N  N  N  N
Configuration: Media type, Command, Email Settings and Interfaces  Y  Y  N  N  N
Current messages and performance  Y  Y  N  N  N
Help: Email, License info, SEP Remote Support and Subscribe to RSS Feeds  Y  Y  N  N  N
Notification Center  Y  Y  N  N  N
Calendar Sheet  Y  Y  Y  N  N
Components (Clients, Data stores Loaders, Drives, Media pools and Media)  Y  Y  N  N  N
Tasks by Clients  Y  Y  Y  N  N
Follow-up Events  Y  Y  N  N  N
Tasks by Groups  Y  Y  Y  N  N
Backup Plans  Y  Y  Y  N  N
Migration Tasks  Y  N  N  N  N
Replication Tasks  Y  N  N  N  N
Tasks as List  Y  Y  Y  N  N
All Results by State  Y  Y  N  N  Y
Migrations and Replications by State  Y  Y  N  N  Y
Media Actions by State  Y  Y  N  N  Y
Monitoring Processes  Y  Y  N  N  Y
Monitoring Drives  Y  Y  N  N  Y
Logging  Y  Y  N  N  Y
Web UI: Next events  Y  Y  Y  N  N
Web UI: Reports  Y  Y  N  N  Y


See also

About Authentication and AuthorizationUsing Access Control Lists Troubleshooting Guide

Copyright © SEP AG 1999-2024. All rights reserved.
Any form of reproduction of the contents or parts of this manual is allowed only with the express written permission from SEP AG. When compiling and designing user documentation SEP AG uses great diligence and attempts to deliver accurate and correct information. However, SEP AG cannot issue a guarantee for the contents of this manual.