Add Portworx Backup Roles

Applicable to both Classic and Federated modes

Follow the procedures in this topic to add and manage roles through Portworx Backup web console.

note

Only the infrastructure administrator can add and manage roles, users and groups.

Create roles

You can add a role with default permissions or assign specific permissions to a role to access Portworx Backup resources. By default, Portworx Backup displays the following pre-created roles:

• px-backup-super.admin
• px-backup-infra.admin
• px-backup-app.admin
• px-backup-app.user

The availability of built-in roles differs between Classic and Federated modes:

Role	Classic mode	Federated mode
px-backup-super.admin	Available	Available
px-backup-infra.admin	Available	Available
px-backup-app.admin	Available	Not available
px-backup-app.user	Available	Available

The following table summarizes the default permissions for each built-in role across Portworx Backup resources. For a detailed breakdown of Create / View / Edit / Delete operations per role, see the Role Privileges Matrix.

Resource	Super Admin	Infra Admin	App Admin	App User
Cloud accounts (Classic mode only)	Full access	Full access	View only	View only
Backup locations	Full access	Full access	Full access	View only
Schedule policies	Full access	Full access	Full access	View only
Rules	Full access	Full access	Full access	View only
Roles	Full access	Full access	View only	View only
Users and User Groups	Full access	View and edit only	No access	No access

You can leverage these built-in roles or create your own based on your organizational requirements.

To create a role:

1. On the home page, in the bottom bar of the left navigation pane, click User Profile and choose User Management.

2. In the User Management page, navigate to Roles tab and click Create Role.

3. In the Create Role window, enter the following information:

   • Name: enter the name of a role in lower case. Ensure the role name:

     • is unique, lower case, and not less than three alphanumeric characters

     • starts and ends with an alphanumeric character

     • cannot include blank space

     • includes a . or - to concatenate names

   • Description: enter a brief description about the role and available permissions to access Portworx Backup resources.

     

   • Choose either Full Access or View Only for the following Portworx Backup resources to assign the required level of access to the role you create:

     • Cloud accounts (Classic mode only)
     • Backup locations
     • Schedule policies
     • Volume resource only (VRO) policies
     • Rules
     • User roles

4. Click Create.

Portworx Backup displays the newly created role in the Roles tab in the order of creation.

Filter roles and mapped roles

Portworx Backup enables you to filter the existing roles and mapped roles in the Roles page.

To filter roles and mapped roles in the Roles tab:

1. On the home page, in the bottom bar of the left navigation pane, click User Profile and choose User Management.

2. In the User Management page, navigate to Roles tab.

3. In the Filter... search box, enter any character in a role or mapped role.

   

4. Press Enter or click anywhere outside the Filter… search box.

   The matching roles and mapped roles with the text you entered appear in the Roles tab of User Management.

5. To go back to the default Roles tab, click the x icon in the Filter… search box.

   note

   The Filter… search box in the Roles tab of User Management page is case-sensitive.

View role details

You can view the role name, description, and the permissions granted to any existing role.

To view role details:

1. In the Roles tab of User Management, select the vertical ellipsis (at the end of the row) for the role you want to view the details.

2. Select Show Details.

   

   The Role Details window displays role information.

   

Duplicate roles

Portworx Backup allows you to duplicate an existing role. Duplicating roles saves you time when creating multiple roles with similar permissions.

note

You cannot edit role permissions when duplicating a role.

To duplicate an existing role:

1. In the User Management > Roles tab, select the vertical ellipsis on the role you want to duplicate.

2. Select Duplicate.

   The Duplicate Role window appears.

   

3. (Optional) Enter a new role name and role description if required.

4. Click Duplicate.

   note

   If you do not change the role name, then Portworx Backup creates a duplicate role with this name: duplicate-of-*duplicate-role-name*.

Edit a role

note

Built-in roles (px-backup-super.admin, px-backup-infra.admin, px-backup-app.admin, px-backup-app.user) cannot be edited. This procedure applies to custom roles only.

To edit a custom role:

1. In the User Management > Roles tab, select the vertical ellipsis on the role you want to edit.

2. Select Edit.

   The Edit Role window appears.

3. Update the Name, Description, or resource permission settings as required.

4. Click Save.

Delete a role

note

Built-in roles cannot be deleted. This procedure applies to custom roles only.

To delete a custom role:

1. In the User Management > Roles tab, select the vertical ellipsis on the role you want to delete.

2. Select Delete.

3. In the confirmation dialog, click Delete to confirm.

The role is removed from Portworx Backup. Any users or groups previously assigned this role lose the associated permissions.