Managing roles
A role determines the scope of actions that can be performed in the HYCU for Azure data protection environment by a specific user or service principal. This means that access to data and information within the data protection environment is limited based on the assigned role. As an administrator, you can manage these roles and define what actions can be performed by each authority.
Considerations
- Each user that signs in to HYCU for Azure or each configured service principal has by default the Administrator role assigned unless set otherwise. For details on changing the default role, see “Changing the default role”.
- At least one user and one service principal that have the Administrator role assigned must exist in the data protection environment.
- If multiple protection sets are available in your data protection environment, a user or a service principal has the same role in all protection sets within the same subscription.
- If a user or a service principal has access to multiple subscriptions, they can have different roles assigned in different subscriptions. The user can also switch among these subscriptions while being signed in to HYCU for Azure.
To access the Roles dialog box, click on the toolbar, and then select Roles.
HYCU for Azure roles
A user or a service principal can be assigned one or more of the following roles:
Role | Allowed actions |
---|---|
Viewer | Acquire information about virtual machines, policies, targets, tasks, events, reports, service principals, and protection sets in the data protection environment. |
Backup Operator |
Acquire the same information as Viewer, define backup strategies, and back up virtual machines. |
Restore Operator |
Acquire the same information as Viewer and restore virtual machines. |
Protégé Operator | Reserved for service principals. Migrate protected data from the on-premises environment to Azure and the other way round by using the HYCU SpinUp functionality. For details on how to employ HYCU Protégé, see HYCU documentation. |
Administrator | Perform all actions in the data protection environment. |
Changing a role
Consideration
If you plan to change your own role, keep in mind that you will not be able to change it back to Administrator yourself.
Procedure
-
In the Roles dialog box, from the list of available authorities (users and service principals), select the one to which you want to assign a different role.
t Tip You can also search for an authority by entering its name in the Search field.
- Click Change Role. The Role Change dialog box opens.
-
From the Role drop-down menu, select the role that you want to assign to the user or the service principal.
n Note You can assign multiple roles to the same user or service principal if the needs of your data protection environment require it.
Changing the default role
You can at any time change the default role for users and service principals. This means that all new users that sign in to HYCU for Azure and all newly configured service principals will automatically acquire the new default role.
Procedure
- Click Change Role next to Default Role at the upper right of the Roles dialog box. The Default Role Change dialog box opens.
- From the Role drop-down menu, select which role you want to be the default one.
- Click Save.
Deleting a user
Considerations
-
Deleting a user from HYCU for Azure does not remove it from Azure.
- You cannot delete yourself from HYCU for Azure.
- Any upcoming data protection tasks related to the user that you delete will be automatically assigned to you.
Procedure
-
In the Roles dialog box, from the list of available users, select the one that you want to delete.
t Tip You can also search for a user by entering their name in the Search field.
- Click Remove. The Remove dialog box opens.
-
Click Yes to confirm that you want the selected user to be deleted from HYCU for Azure.