Only a user having the ADMINISTRATOR role is allowed to manage Arkeia Network Backup users.
User management tasks include the following:
When creating a new user, the administrator must provide following information:
Click on Create
to save the new user.
The name of an existing user cannot be changed. Any other user property can be modified: the role, the email and the restoration rights.
Click on Update
to save the changes.
To change a password, it is necessary to know the old password. Users who have forgotten their password will have to be deleted, then added as a new user.
Select the user to remove from the Select a user
list,
then click on Delete...
to remove the user.
It is possible to associate restoration rights to Arkeia Network Backup users having the USER role. Such restoration rights cannot be set either for administrators or for operators. As a matter of fact, administrators and operators have no restoration restrictions by default.
Restoration rights make it possible to define which backed up data a given user is allowed to restore, based on its full path. As a reminder, a data full path is defined like this in Arkeia Network Backup: machine_name!plugin_name:[volume]:/path.
User restoration rights are made of rules, each rule specifying explicitely whether a user is allowed to restore or not a given backed up path.
Next part provides detailed information about restoration rights rules.
User restoration rights are configured through the definition of a list of rules. There are two kind of rules:
this means that the user is allowed to restore all data paths for which no exception is specified.
this means that the user is NOT allowed to restore data paths for which no exception is specified.
rules specific to a given data path are actually exceptions to the configured 'default rule'. It is valid to setup no exception at all. In such a case, the 'default rule' only defines which data path the user is allowed to restore. So, if no exception is defined, either the user is allowed to restore all backed up data or it is allowed to restore nothing (which is equivalent to a disabled user).
Of course, in most cases, you want to setup exceptions. You can set as many exceptions as you want to a given user. There are two kinds of exceptions:
As we can see above, denied paths are prefixed by a small red icon, while allowed paths are prefixed by a small green icon.
Clicking the icon changes the exception state (from denied to allowed or from allowed to denied).
To make things clearer, let's see some useful examples of restoration rights. Again, a valid restore rights policy must include one sole default rule plus as many exceptions as you want.
Example 6 above raises one important question: what happens if conflicting exceptions are defined ?
The answer is quite simple: if conflicting exceptions are defined, then the most restrictive deny exception among the conflicting exceptions is actually applied.
Examples:
Here are some limitations of this system: