Role privileges matrix
The tables in this topic detail out the privileges associated with different built-in roles of Portworx Backup Security:
- Infrastructure administrator (
px-backup-infra.admin) - Applications administrator (
px-backup-app.admin) - Applications user (
px-backup-app.user)
RBAC and non-RBAC Portworx Backup resources
-
The RBAC (Role-Based Access Control) resources listed here are directly associated with user roles and permissions within Portworx Backup, determining the access and management rights of users based on their assigned roles:
- Backup locations
- Cloud accounts
- Schedule policies
- Rules
- Roles
- Users and User Groups
-
Non-RBAC resources are not dependent on RBAC and are accessible regardless of the user role. The following list outlines such resources:
- Clusters
- Namespaces
- Virtual machines
- Backups
- Restores
note
- Infrastructure administrators, application administrator and application users can only view, edit, and delete the RBAC resources owned by them.
- Owners of Portworx Backup RBAC resources can share their resources with the intended users and groups regardless of the role of the users or groups.
- Portworx Backup roles can only view the unowned RBAC resources shared with them by other roles.
Privileges of the infrastructure administrator
The infrastructure administrator permissions to access the Portworx Backup resources are:
| Portworx Backup resources | Create | View | Edit | Delete |
|---|---|---|---|---|
| Cloud Accounts | Y | Y | Y | Y |
| Backup Locations | Y | Y | Y | Y |
| Schedule Policies | Y | Y | Y | Y |
| Rules | Y | Y | Y | Y |
| Roles | Y | Y | Y | Y |
| Users and User Groups | N | Y | Y | N |
Privileges of the applications administrator
The applications administrator permissions to access the Portworx Backup resources are:
| Portworx Backup resources | Create | View | Edit | Delete |
|---|---|---|---|---|
| Cloud Accounts | N | Y | N | N |
| Backup Locations | Y | Y | Y | Y |
| Schedule Policies | Y | Y | Y | Y |
| Rules | Y | Y | Y | Y |
| Roles | N | Y | N | N |
| Users and User Groups | N | N | N | N |
Privileges of the applications user
The applications user permissions to access the Portworx Backup resources are:
| Portworx Backup resources | Create | View shared resources | Edit | Delete |
|---|---|---|---|---|
| Cloud Accounts | N | Y | N | N |
| Backup Locations | N | Y | N | N |
| Schedule Policies | N | Y | N | N |
| Rules | N | Y | N | N |
| Roles | N | Y | N | N |
| Users and User Groups | N | N | N | N |