Role privileges matrix

This topic provides an in-depth reference guide to the built-in roles available within Portworx Backup User Management. It outlines the access rights and privileges associated with different roles, including the Super Administrator, Infrastructure Administrator, Applications Administrator, and Applications User. This matrix is essential for understanding the permissions granted to each role for managing various Portworx Backup resources, ensuring a clear view of role-based access control (RBAC).

This topic also explains the RBAC resources which are governed by user roles and permissions and non-RBAC resources, which are accessible regardless of role. This detailed matrix helps administrators define user roles and access levels accurately, promoting security and operational clarity within Portworx Backup.

Portworx Backup offers the following default or built-in roles:

• Super administrator (px-backup-super.admin)
• Infrastructure administrator (px-backup-infra.admin)
• Applications administrator (px-backup-app.admin)
• Applications user (px-backup-app.user)

RBAC and non-RBAC Portworx Backup resources

1. The RBAC (Role-Based Access Control) resources listed here are directly associated with user roles and permissions within Portworx Backup, determining the access and management rights of users based on their assigned roles:

   • Backup locations
   • Cloud accounts
   • Schedule policies
   • Backup Rules
   • Roles
   • Users and User Groups

2. Non-RBAC resources are not dependent on RBAC and are accessible regardless of the user role. The following list outlines such resources:

   • Clusters
   • Namespaces
   • Virtual machines
   • Backup schedules
   • Backups
   • Restores

note

1. Infrastructure administrators, application administrator and application users can only view, edit, and delete the RBAC resources owned by them.
2. Owners of Portworx Backup RBAC resources can share their resources with the intended users and groups regardless of the role of the users or groups.
3. Portworx Backup roles can only view the non-owned owned RBAC resources shared with them by other roles.

Privileges of the super administrator

The PXB super admin role is designed with full access privileges across all RBAC and non-RBAC resources in PXB. This level of access allows the super admin to manage configurations, backups, restores, storage resources, and other functionalities. This role is critical for ensuring comprehensive management and oversight of the PXB environment.

The following table highlights the access control specifically for super admin privileges on RBAC resources:

Portworx Backup resources	Create	View	Edit	Delete
Cloud Accounts	Y	Y	Y	Y
Backup Locations	Y	Y	Y	Y
Schedule Policies	Y	Y	Y	Y
Rules	Y	Y	Y	Y
Roles	Y	Y	Y	Y
Users and User Groups	Y	Y	Y	Y

note

The Portworx super admin has unrestricted access to both non-RBAC resources within PXB.

Privileges of the infrastructure administrator

The infrastructure administrator permissions to access the Portworx Backup resources are:

Portworx Backup resources	Create	View	Edit	Delete
Cloud Accounts	Y	Y	Y	Y
Backup Locations	Y	Y	Y	Y
Schedule Policies	Y	Y	Y	Y
Rules	Y	Y	Y	Y
Roles	Y	Y	Y	Y
Users and User Groups	N	Y	Y	N

Privileges of the applications administrator

The applications administrator permissions to access the Portworx Backup resources are:

Portworx Backup resources	Create	View	Edit	Delete
Cloud Accounts	N	Y	N	N
Backup Locations	Y	Y	Y	Y
Schedule Policies	Y	Y	Y	Y
Rules	Y	Y	Y	Y
Roles	N	Y	N	N
Users and User Groups	N	N	N	N

Privileges of the applications user

The applications user permissions to access the Portworx Backup resources are:

Portworx Backup resources	Create	View shared resources	Edit	Delete
Cloud Accounts	N	Y	N	N
Backup Locations	N	Y	N	N
Schedule Policies	N	Y	N	N
Rules	N	Y	N	N
Roles	N	Y	N	N
Users and User Groups	N	N	N	N

Related topics:

• User Management
• User Mangement Overview
• Create roles
• Super administrator
• Revoke access