Skip to main content

Who is this article for?

Code42 for EnterpriseSee product plans and features
CrashPlan for Small Business 

CrashPlan for Small Business, no.

Code42 for Enterprise, yes.

Link: Product plans and features.

This article applies to versions 6 and 7.

Other available versions:

CloudLink: What version am I on?

Code42 Support

Roles reference

Overview

Your Code42 environment has a pre-existing set of user roles that can be applied to user accounts. These standard user roles generally provide administrators with the fine-grained set of permissions needed for most use cases. In addition, you can create your own custom roles for more flexible management of user permissions within your Code42 environment. This article describes the available standard roles, as well as the permissions, limitations, and recommended use cases for each role.

 To assign roles to users, see Manage user roles.

View all roles

  1. Sign into the Code42 administration console as a user with the SYSADMIN role. 
  2. Navigate to Settings > Security > Roles.
  3. Under the Roles list, select a role.
    The permissions granted by the selected role are displayed in the right pane under Permissions.

View roles.

Standard roles

The following pre-existing roles can be applied to user accounts. There may be additional custom roles in your Code42 environment. 

Admin Restore

  • Recommended use case
    • Assign in conjunction with a role that has access to the administration console and Code42 app
  • Administrator functions
  • End user functions
    • None
  • Limitations
    • No access to the administration console or Code42 app
  • Scope of permissions
    • All organizations
  • Permissions
    • restore: Perform a full web restore for all devices user has authority to manage.

Admin Restore Limited

  • Recommended use case
    • Assign in conjunction with a role that has access to the administration console and Code42 app
  • Administrator functions
  • End user functions
    • None
  • Limitations
    • Restore limit is configurable from Settings > Organization (250 MB by default)
    • No access to the administration console or Code42 app
  • Scope of permissions
    • All organizations 
  • Permissions
    • restore.limited: Perform a limited size web restore for all devices user has authority to manage.

Alert Emails

(Version 6.7.2 and later)

  • Recommended use case
    • Organization administrators who want to monitor the frequency and success of backup operations for their users' devices
  • Administrator functions
    • Allows administrators to receive automated backup reports and backup alerts by email
  • End user functions
    • None
  • Limitations 
    • No "root" level access
  • Scope of permissions
    • All organizations
  • Permissions
    • receives.alert.email: Receive automated backup reports and alerts by email.

All Org Admin 

  • Recommended use case
    • IT staff who need to perform administrative tasks, but who should not have "root" level access
  • Administrator functions
  • End user functions
    • Allows end users to perform personal backups from the Code42 app and administration console
  • Limitations 
    • None
  • Scope of permissions
    • All organizations
  • Permissions
    • allcomputer: Access, alter or remove any computer information in any organization.
    • allorg: Create, alter or delete information in any organization.
    • allplan: Create, read, update and delete plans in any organization hierarchy.
    • alluser: Access, alter, or remove any user information in any organization.
    • console.login: Log in to the Code42 administration console.
    • cpd.login: Log in to the Code42 app.
    • cpd.restore: Restore from the Code42 app.
    • cpp.login: Log in to the administration console.
    • cps.login: Log in to the client desktop.
    • fileforensics.settings_write: View and edit file forensics related settings.
    • pushrestore: Perform a push restore from and to any device the user has authority to manage.
    • restore: Perform a full web restore for all devices user has authority to manage.
    • search.configure: Configure search related settings.
    • securitytools.settings_write: Edit settings for Code42 Security Tools.
    • select: Remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
    • system.command_restricted: View the CLI and run any command for which the user has permission.

All Org Legal Admin

(Version 6.5.x and later. This role was previously named Legal Admin in version 6.0.x and earlier.) 

  • Recommended use case
    • Legal personnel who need to place custodians on legal hold, and administer legal holds and perform data collection related to legal holds for the entire Code42 environment
  • Administrator functions
  • End user functions
    • Perform personal backups from the Code42 app
  • Limitations 
    • No "root" level access
    • Cannot change settings
    • Read-only view of users, devices, and organizations
  • Scope of permissions
    • All organizations
  • Permissions
    • allcomputer.read: View computer information for all organizations.
    • allorg.read: View org information for all organizations.
    • allplan.read: Read information about plans in any organization hierarchy.
    • alluser.read: View user information for all organizations.
    • console.login: Log in to the administration console.
    • cpd.login: Log in to the Code42 app.
    • cpp.login: Log in to the administration console.
    • cps.login: Log in to the client desktop.
    • legalhold: Perform any operation regarding any legal hold.
    • pushrestore: Perform a push restore from and to any device the user has authority to manage.
    • restore: Perform a full web restore for all devices user has authority to manage.
    • select: Remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.

All Org Manager

  • Recommended use case 
    • Executive users who need statistics, but not technical details, about your Code42 environment
  • Administrator functions
    • Use the Reporting web app to view data for all organizations
    • Review statistics about all organizations and retrieve data
  • End user functions
    • None
  • Limitations 
    • Read-only access to prevent them from mistakenly changing settings or deleting data
  • Scope of permissions
    • All organizations
  • Permissions
    • allcomputer.read: View computer information for all organizations.
    • allorg.read: View org information for all organizations.
    • allplan.read: Read information about plans in any organization hierarchy.
    • alluser.read: View user information for all organizations.
    • console.login: Log in to the administration console.
    • cpd.login: Log in to the Code42 app.
    • cpd.restore: Restore from the Code42 app.
    • cpp.login: Log in to the administration console.
    • cps.login: Log in to the client desktop.
    • pushrestore.personal: Perform a personal push restore.
    • restore.limited: Perform a limited size web restore for all devices user has authority to manage.
    • restore.personal: Perform a personal web restore.
    • select.personal: Remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.
    • system.command_restricted: View the CLI and run any command for which the user has permission

All Org Search

  • Recommended use case 
    • Information security or legal personnel who need to examine backed-up files across your entire Code42 environment
  • Administrator functions
    • Use the Reporting web app to view data for all organizations
    • Use the File Search web app to:
      • Search backed-up files in across all organizations
      • Download files that appear in search results
  • Limitations 
    • No access to the administration console or Code42 app
  • Scope of permissions
    • All organizations
  • Permissions
    • allcomputer.read: View computer information for all organizations.
    • allorg.read: View org information for all organizations.
    • allplan.read: Read information about plans in any organization hierarchy.
    • alluser.read: View user information for all organizations.
    • cpp.login: Log in to the administration console.
    • restore: Perform a full web restore for all devices user has authority to manage.
    • search.execute: Execute search (includes viewing results).

All Org Security Viewer

  • Recommended use case
    • Information security personnel who need to retrieve information from devices that use endpoint monitoring
  • Administrator functions
  • Limitations 
    • Cannot change settings in your Code42 environment
  • Scope of permissions
    • All organizations
  • Permissions
    • allcomputer.read: View computer information for all organizations. 
    • allorg.read: View org information for all organizations.
    • allplan.read: Read information about plans in any organization hierarchy.
    • alluser.read: View user information for all organizations.
    • console.login: Log in to the administration console. 
    • cpp.login: Log in to the administration console. 
    • securitytools.data_read: View data collected by Code42 Security Tools.

Desktop User

  • Recommended use case
    • End users in your organization
  • Administrator functions
    • None
  • End user functions
    • Perform personal backups from the Code42 app and administration console
  • Limitations 
    • Cannot interact with other users' data or change settings in your Code42 environment
  • Scope of permissions
    • Assigned user
  • Permissions
    • cpd.login: Log in to the Code42 app. 
    • cpd.restore: Restore from the Code42 app. 
    • cps.login: Log in to the client desktop. 
    • plan.create: Create plans within a user's organization hierarchy.
    • restore.personal: Perform a personal web restore.
    • select.personal: Remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. 

Desktop User - No Web Restore

(Version 7.0 and later)

  • Recommended use case
    • End users in your organization who do not need to perform web restores
  • Administrator functions
    • None
  • End user functions
    • Perform personal backups from the Code42 app and administration console
  • Limitations 
    • Cannot interact with other users' data or change settings in your Code42 environment
    • Cannot perform web restores
  • Scope of permissions
    • Assigned user
  • Permissions
    • cpd.login: Log in to the Code42 app. 
    • cpd.restore: Restore from the Code42 app.
    • cps.login: Log in to the client desktop.
    • select.personal: Remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.

Org Admin

  • Recommended use case
    • Administrators who should only manage users and devices within a specific organization
  • Administrator functions
    • Read and write information for users, computers, and organization settings for the user's organization and its child organizations
    • Read and write to plans within the user's organization and its child organizations
    • Use the Reporting web app to view data for the user's organization and its child organizations
  • End user functions
    • Allows end users to perform personal backups from the Code42 app and administration console
  • Limitations 
    • Cannot read or write information outside their organization
    • Cannot access administration console command line
    • Cannot access system logs
  • Scope of permissions
    • The user's organization and its child organizations
  • Permissions
    • computer: Access, alter, or remove any computer information.
    • console.login: Log in to the administration console. 
    • cpd.login: Log in to the Code42 app.
    • cpd.restore: Restore from the Code42 app.
    • cpp.login: Log in to the administration console.
    • cps.login: Log in to the client desktop. 
    • fileforensics.settings_write: View and edit file forensics related settings. 
    • org.create: Create child organizations within user's organization.
    • org.delete: Delete information within user's organization.
    • org.read: View org information within user's organization. 
    • org.update_deactivate: Update information within a user's organization and deactivate organizations. 
    • plan: Create, read, update and delete plans within a user's organization hierarchy.
    • pushrestore: Perform a push restore from and to any device the user has authority to manage.
    • restore: Perform a full web restore for all devices user has authority to manage.
    • search.configure: Configure search related settings.
    • securitytools.settings_write: Edit settings for Code42 Security Tools.
    • select: Remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
    • system.command_restricted: View the CLI and run any command for which the user has permission.
    • user: Access, alter or remove any user information. 

Org Admin - No Web Restore

(Version 7.0 and later)

  • Recommended use case
    • Administrators who should only manage users and devices within a specific organization  and who should not perform web restores
  • Administrator functions
    • Read and write information for users, computers, and organization settings for the user's organization and its child organizations
    • Read and write to plans within the user's organization and its child organizations
    • Use the Reporting web app to view data for the user's organization and its child organizations
  • End user functions
    • Perform personal backups from the Code42 app and administration console
  • Limitations 
    • Cannot read or write information outside their organization
    • Cannot access administration console command line
    • Cannot access system logs
    • Cannot perform web restores
  • Scope of permissions
    • The user's organization and its child organizations
  • Permissions
    • computer: Access, alter, or remove any computer information.
    • console.login: Log in to the administration console.
    • cpd.login: Log in to the Code42 app. 
    • cpp.login: Log in to the administration console. 
    • cps.login: Log in to the client desktop.
    • org.create: Create child organizations within user's organization.
    • org.delete: Delete information within user's organization. 
    • org.read: View org information within user's organization.
    • org.update_deactivate: Update information within a user's organization and deactivate organizations.
    • pushrestore: Perform a push restore from and to any device the user has authority to manage. 
    • select: Remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
    • user: Access, alter or remove any user information. 

Org Help Desk

  • Recommended use case
    • Help desk staff who can assist others within their organization, but not reconfigure any settings
  • Administrator functions
    • Use the Reporting web app to view data for the user's organization and its child organizations
    • Restore files to the source user's devices using the administration console
    • View (read-only) users and devices in the user's organization and its child organizations
  • End user functions
    • Perform personal backups from the Code42 app and administration console
  • Limitations 
    • Cannot change settings
    • Cannot read or write information outside their organization
  • Scope of permissions
    • The user's organization and its child organizations
  • Permissions
    • computer.read: View computer information.
    • console.login: Log in to the administration console.
    • cpd.login: Log in to the Code42 app.
    • cpd.restore: Restore from the Code42 app.
    • cpp.login: Log in to the administration console. 
    • cps.login: Log in to the client desktop.
    • org.read: View org information within user's organization.
    • plan.read: Read information about plans within a user's organization hierarchy.
    • pushrestore.limited: Perform a push restore only to the source user's devices. There is no size limit.
    • select: Remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources. 
    • user.read: View user information.

Org Legal Admin

(Version 6.5.x and later)

  • Recommended use case
    • Legal personnel who need to place custodians on legal hold and administer legal holds for the entire Code42 environment, but who only need to restore files from users within their organization
  • Administrator functions
    • Use the Reporting web app to view data for the user's organization and its child organizations
    • Perform web restores for other users that are within their organization and its child organizations
    • Use the Legal Hold web app to:
      • Create, modify, and deactivate legal holds
      • Restore files for legal hold collection purposes (push restore) for users within their organization and its child organization
  • End user functions
    • Perform personal backups from the Code42 app
  • Limitations 
    • No "root" level access
    • Cannot change settings
    • Read-only view of users, devices, and organizations
    • Cannot restore files for users outside their organization and its child organizations
  • Scope of permissions
    • The user's organization and its child organizations
  • Permissions
    • computer.read: View computer information.
    • console.login: Log in to the administration console.
    • cpd.login: Log in to the Code42 app.
    • cpp.login: Log in to the administration console. 
    • cps.login: Log in to the client desktop.
    • legalhold: Perform any operation regarding any legal hold. 
    • org.read: View org information within user's organization.
    • plan: Create, read, update and delete plans within a user's organization hierarchy.
    • pushrestore: Perform a push restore from and to any device the user has authority to manage.
    • restore: Perform a full web restore for all devices user has authority to manage.
    • select: Remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources. 
    • user.read: View user information.

Org Manager

  • Recommended use case
    • Executive users who need statistics, but not technical details, about their organization (not the entire Code42 environment)
  • Administrator functions
    • Use the Reporting web app to view data for the user's organization and its child organizations
    • Restore files to the source user's devices using the administration console
    • View (read-only) users and devices in the user's organization and its child organizations
  • End user functions
    • Perform personal backups from the Code42 app and administration console
  • Limitations 
    • Cannot change settings
    • Cannot read or write information outside their organization
  • Scope of permissions
    • The user's organization and its child organizations
  • Permissions
    • computer.read: View computer information. 
    • console.login: Log in to the administration console.
    • cpd.login: Log in to the Code42 app. 
    • cpd.restore: Restore from the Code42 app.
    • cpp.login: Log in to the administration console.
    • cps.login: Log in to the client desktop.
    • org.read: View org information within user's organization. 
    • plan.read: Read information about plans within a user's organization hierarchy.
    • pushrestore.personal: Perform a personal push restore. 
    • restore.limited: Perform a limited size web restore for all devices user has authority to manage. 
    • restore.personal: Perform a personal web restore. 
    • select.personal: Remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. 
    • user.read: View user information. 

Org Search

  • Recommended use case
    • Information security or legal personnel who need to examine backed-up files in their organization (not the entire Code42 environment)
  • Administrator functions
    • Use the Reporting web app to view data for the user's organization and its child organizations
    • Use the File Search web app to:
      • Search backed-up files in the user's organization and child organizations
      • Download files that appear in search results
  • End user functions
    • None
  • Limitations 
    • No access to the administration console or Code42 app
  • Scope of permissions
    • The user's organization and its child organizations
  • Permissions
    • computer.read: View computer information. 
    • cpp.login: Log in to the administration console.
    • org.read: View org information within user's organization.
    • plan.read: Read information about plans within a user's organization hierarchy.
    • restore: Perform a full web restore for all devices user has authority to manage.
    • search.execute: Execute search (includes viewing results).

Org Security Viewer

  • Recommended use case
    • Information security personnel who need to retrieve information from devices that use endpoint monitoring
  • Administrator functions
    • Use the Security Center to view data for user's organization and its child organizations
    • Use the Reporting web app to view data for user's organization and its child organizations
  • End user functions
    • None
  • Limitations 
    • Cannot change settings in the organization
  • Scope of permissions
    • The user's organization and its child organizations
  • Permissions
    • computer.read: View computer information.
    • console.login: Log in to the administration console.
    • cpp.login: Log in to the administration console.
    • org.read: View org information within user's organization.
    • plan.read: Read information about plans within a user's organization hierarchy.
    • securitytools.data_read: View data collected by Code42 Security Tools. 
    • user.read: View user information.

PROe User

  • Recommended use case
    • End users in your organization
  • Administrator functions
    • Allows administrators to sign in to the administration console
  • End user functions
    • None
    Limitations 
    • Cannot access other information or functions of Code42 for Enterprise
  • Scope of permissions
    • Assigned user
  • Permissions
    • console.login: Log in to the administration console. 
    • cpd.restore: Restore from the Code42 app. 
    • cpp.login: Log in to the administration console. 

Push Restore

  • Recommended use case
    • Help desk staff who will assist others with restoring data. Assign in conjunction with a role that has access to the administration console
  • Administrator functions
    • View files within backup archives
    • Restore files from the administration console
  • End user functions
    • None
  • Limitations 
    • No read or write access to any user, organization, or device
  • Scope of permissions
    • All organizations
  • Permissions
    • pushrestore: Perform a push restore from and to any device the user has authority to manage.
    • select: Remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.

Remote File Selection

  • Recommended use case
    • Help desk staff who will monitor backups. Assign in conjunction with a role that has access to the administration console
  • Administrator functions
    • Allows administrators to view files within backup archives
  • End user functions
    • None
  • Limitations 
    • No read or write access to any user, organization, or device
  • Scope of permissions
    • All organizations
  • Permissions
    • select: Remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources. 

Security Center User

  • Recommended use case
    • Information security personnel who need to review information about devices that use endpoint monitoring
  • Administrator functions
  • End user functions
    • None
  • Limitations 
    • Does not directly grant access to view or manage other users. Use this role in addition to an administrative role such as Org Admin
  • Scope of permissions
    • The user's organization and its child organizations
  • Permissions
    • fileforensics.settings_write: View and edit file forensics related settings.
    • securitytools.data_read: View data collected by Code42 Security Tools.
    • securitytools.settings_write: Edit settings for Code42 Security Tools.

Server Administrator

  • Recommended use case
    • IT staff who need administrative privileges for the Code42 environment
  • Administrator functions
    • Read and write information for all users, computers, and organizations
    • Read and write to all plans
    • Edit all all system information and settings (except tasks reserved for system administrator)
    • Use the Reporting web app to view data for all organizations
  • End user functions
    • Perform personal backups from the Code42 app and administration console
  • Limitations 
    • Cannot perform tasks reserved for system administrator, such as editing the local administrator account password
  • Scope of permissions
    • All organizations
  • Permissions
    • allcomputer: Access, alter or remove any computer information in any organization.
    • allorg: Create, alter or delete information in any organization.
    • allplan: Create, read, update and delete plans in any organization hierarchy. 
    • alluser: Access, alter, or remove any user information in any organization. 
    • console.login: Log in to the administration console. 
    • cpd.login: Log in to the Code42 app. 
    • cpd.restore: Restore from the Code42 app.
    • cpp.login: Log in to the administration console. 
    • cps.login: Log in to the client desktop.
    • customer_admin: Configure settings for your entire environment, such as subscription information and single sign-on (SSO).
    • fileforensics.settings_write: View and edit file forensics related settings.
    • pushrestore: Perform a push restore from and to any device the user has authority to manage. 
    • restore: Perform a full web restore for all devices user has authority to manage.
    • search.configure: Configure search related settings.
    • securitytools.settings_write: Edit settings for Code42 Security Tools. 
    • select: Remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
    • system: Edit all system information not reserved for the System Administrator.

SYSADMIN

  • Recommended use case
  • Administrator functions
    • Use the Security Center to view data for all organizations
    • Use the File Search web app to:
      • Search backed-up files in across all organizations
      • Download files that appear in search results
    • Use the Reporting web app to view data for all organizations
    • Grant and revoke SYSADMIN role for other users
    • Read and write all information for all users, organizations, and settings
    • "Root-level" access
    • Default role for the local administrator account
  • End user functions
    • None
  • Limitations
  • Scope of permissions
    • All organizations
  • Permissions
    • admin: Gives "super user" permission. 

User Modify

(Version 7.0 and later)

  • Recommended use case
    • Help desk staff who manage users, but not devices or organization settings. Assign in conjunction with a role that has access to the administration console (such as Org Help Desk).
  • Administrator functions
    • View users
    • Update user information
  • End user functions
    • None
  • Limitations
    • Cannot add or deactivate users
    • Cannot update organization settings
  • Scope of permissions
    • The user's organization and its child organizations
  • Permissions
    • user.read: View user information.
    • user.update: Update user information.
  • Was this article helpful?