Skip to main content
Version: 2.8

Super admin in Portworx Backup

A Super Administrator (super admin) in Portworx Backup (PXB) is a role (not a user) with extensive privileges designed to provide unified control over all backup-related resources within a Portworx Backup deployment. This role is similar to a super-user in other systems, that grants the ability to manage clusters, namespaces, cloud accounts, backups, restores, and more, regardless of the user who has created them. There can be more than one user with a super admin role based on organizational needs.

Super admin has visibility and full-access on the below PXB resources within the deployment. This includes resources created by other users, even those with administrative roles like infra admin (Infrastructure Administrator) or app admin (Applications Administrator):

  • Clusters
  • Namespaces
  • Virtual Machines
  • Cloud accounts
  • Backup locations
  • Schedule policies
  • Schedules
  • Backup rules
  • Backups
  • Restores

A super admin can perform the following tasks:

  • Can share all PXB (RBAC and non-RBAC) resources with any user, regardless of their role, even if the super admin is not the owner of those resources.
  • Can share only self-owned backups while sharing all backups of a cluster (with Share Cluster backups option).
  • Invite other users to any RBAC role or revoke access for those roles including the super admin role.
  • View and manage all clusters added in a PXB deployment. This includes clusters added by themselves, other super admins and users with any other role in PXB.
  • View and manage the backups, schedules, and restores of namespaces and VMs of all the clusters in the PXB deployment.
  • View, edit, remove, and manage all common backup resources, both RBAC and non-RBAC (cloud accounts, backup locations, schedules, rules, schedule policies, backups, restores) owned by any user belonging to any role.
  • View ownership details of both RBAC and non-RBAC PXB resources.
  • Can differentiate between two clusters with the same name using their metadata from the PXB web console.

Super admin role provides highest level of access in Portworx Backup environment, and grants the ability to manage resources globally, while still adhering to certain operational restrictions to prevent conflicts and maintain ownership integrity across users. Here are few such restrictions:

  • Cannot delete or unshare clusters (revoke access from shared clusters) if backup schedules exist on that cluster. To delete or unshare a cluster, all associated backup schedules should be deleted.
  • Can view and update the kubeconfig details for their own cluster but not for other users' clusters. However, they can update the kubeconfig by replacing it with a new kubeconfig details for other users.
  • Cannot delete a backup location if other users have created backups using that backup location.
  • Cannot share non-owned backups of a cluster (both on self-owned or non-owned). They can only share self-owned backups on any cluster.
  • Cannot override basic role assignment rules for the existing Portworx Backup roles.

Assign super admin role to a user

To assign super admin role to a user, perform the following tasks:

  1. Access Portworx Backup web console and login with user credentials.

  2. From the home page, go to left navigation pane.

  3. At the bottom of left navigation pane, click User Profile and select User Management.

  4. Choose the user to whom you want to assign super admin role, click on Vertical ellipsis at the end of the user row and select Manage Roles.

  5. In the Manage Roles window, click on Roles field and select px-backup-super-admin.

  6. Click Save.

This user will now get the PXB super admin role.

note
  • In the Cloud settings page of the Portworx Backup web console, the OWNER column shows Unknown (user_ID) if a user has been deleted from Keycloak.
  • When you revoke super admin role of a user, their access to the resources they do not own gets revoked. However, backup schedules remain active and the revoked super admin continues to own scheduled backups (with full access) from such backup schedules. Please take appropriate action either to suspend or remove those schedules.

Assign super admin role to a group

To assign super admin role to a group:

  1. Access Portworx Backup web console and login with user credentials.

  2. From the home page, go to left navigation pane.

  3. At the bottom of left navigation pane, click User Profile and select User Management.

  4. In the User Management tab, navigate to User > Groups choose the group to whom you want to assign super admin role, click on Vertical ellipsis at the end of the user row and select Manage Roles.

  5. In the Manage Roles window, click on Roles field and select px-backup-super-admin.

  6. Click Save.

This group will now get the PXB super admin role.

Related topics