Manage user roles

Last updated
Save as PDF
Share
1. Share
2. Share
3. Tweet

Who is this article for?

Code42 for EnterpriseSee product plans and features

CrashPlan for Small Business

CrashPlan for Small Business, no.

Code42 for Enterprise, yes.

Link: Product plans and features.

This article applies to Cloud.

Other available versions:

Versions 6 and 7 | Version 5 | Version 4

Overview

This article describes how to remove or assign user roles to specific Code42 accounts so you can set up role-based access control for your Code42 environment. Managing who has access to Code42 resources is an important security aspect of any Code42 environment.

Code42 includes a pre-existing set of user roles or privileges that can be applied to user accounts. These built-in user roles include a fine-grained set of permissions to ensure users only have access to the resources they need. This article includes a comparison of each of the roles to help you determine which roles fit your policies.

Considerations

Only users with the Customer Cloud Admin role can assign roles to other users.

Assign role to specific user

To assign a role to a specific user, follow the steps below.

Navigate to the User Details view.
From the Action Menu, select Edit.
Select the Roles tab.
From the Available Roles list, select the role you'd like assigned to the user.
Click the right facing arrow to add the selected role.
Select Update User to save your changes.

Add role to user

Roles reference

The available standard roles, as well as the permissions, limitations, scope of permissions, and recommended use cases for each are described in the table below.

For details about the specific permissions held by each role, review them in your administration console. To access role information, select Users > Active, click a user row to open the user details page, select Edit from the action menu in the upper-right corner, and then click the Roles tab.

Role	Permission Summary	Limitations	Scope of permissions	Recommended Use Case
Admin Restore	Administrative Restore data using the administration console End user None	No access to the administration console or Code42 app	All organizations	Assign in conjunction with a role that has access to the administration console and Code42 app. For example, PROe user and Desktop User.
Admin Restore Limited	Administrative Restore a limited amount of data using the administration console (configurable limit) End user None	Restore limit is configurable from organization settings (250 MB by default) No access to the administration console or Code42 app	All organizations	Assign in conjunction with a role that has access to the administration console and Code42 app. For example, PROe user and Desktop User.
Alert Emails	Administrative Receive automated backup reports and backup alerts by email. End user None		All organizations	Organization administrators who monitor the frequency and success of backup operations for their users' devices.
Cross Org Admin	Administrative Add/deactivate users, devices, and organizations. Update settings View data in the Reporting web app Perform push and web restores for other users End user Perform personal backups from the Code42 app and administration console	Limited access to the administration console command line interface (CLI) Cannot access system logs	All organizations	Administrators who manage users and devices in all organizations and who need to restore files for users
Cross Org Admin - No Restore	Administrative Add/deactivate users, devices, and organizations View data in the Reporting web app End user Perform personal backups from the Code42 app and administration console	Cannot perform push or web restores Limited access to the administration console command line interface (CLI) Cannot access system logs	All organizations	Administrators who manage users and devices in all organizations but should not restore files for users
Cross Org Help Desk	Administrative View (read-only) users and devices Restore files to the source user's devices using the administration console Use the Reporting web app to view data End user Perform personal backups from the Code42 app and administration console	Cannot change settings Cannot add/deactivate users, devices, or organizations	All organizations	Help desk staff who assist others in all organizations, but not reconfigure any settings
Cross Org Legal Admin	Administrative Create, modify, and deactivate legal holds Restore files for legal hold collection purposes (push restore) Perform web restores for other users View data in the Reporting web app End user Perform personal backups from the Code42 app	No "root" level access Cannot change settings Cannot add or deactivate users, devices, or organizations.	All organizations	Legal personnel who place custodians on legal hold and administer legal holds for the entire Code42 environment, and who need to restore files for users
Cross Org Manager	Administrative View (read-only) users and devices Restore files to the source user's devices using the administration console View data in the Reporting web app End user Perform personal backups from the Code42 app and administration console	Cannot change settings Cannot add/deactivate users, devices, or organizations	All organizations	Executive users who need statistics, but not technical details, about all organizations
Cross Org Security Viewer	Requires Security Center User role To use Security Center's file exfiltration detection capabilities, you must also assign the Security Center User role Administrative View data in the Reporting web app View data in the Security Center End user None	Cannot change settings in organizations Cannot add/deactivate users, devices, or organizations	All organizations	Information security personnel who need to retrieve information from devices that use endpoint monitoring in all organizations
Cross Org User Modify	Administrative View users Update user information End user None	Cannot add or deactivate users Cannot update organization settings	All organizations	Help desk staff who manage users, but not devices or organization settings. Assign in conjunction with a role that has access to the administration console (such as Cross Org Helpdesk.)
Customer Cloud Admin	Administrative Add/deactivate users, devices, and organizations Update settings for users, devices, and organizations View data in the Reporting web app for the user's Code42 environment View the Subscriptions screen for the user's organization or organizations. End user Perform personal backups from the Code42 app and administration console	Limited access to the administration console command line interface (CLI) Cannot access system logs	All organizations	Administrators who need administrative privileges for the Code42 environment
Desktop User	Administrative N/A End user Perform personal backups from the Code42 app and administration console Perform web restores	Cannot interact with other users' data or change settings in your Code42 environment	Assigned user	End users in your organization
Desktop User - No Web Restore	Administrative N/A End user Perform personal backups from the Code42 app and administration console	Cannot interact with other users' data or change settings Cannot perform web restores	Assigned user	End users in your organization who do not need to perform web restores
Org Admin	Administrative Add/deactivate users, devices, and organizations Update settings for users, devices, and organizations View data in the Reporting web app Perform web restores End user Perform personal backups from the Code42 app and administration console	Limited access to the administration console command line interface (CLI) Cannot access system logs	The user's organization and its child organizations	Administrators who only manage users and devices within a specific organization
Org Admin - No Web Restore	Administrative Add/deactivate users, computers, and organizations Update settings for users, devices, and organizations View data in the Reporting web app End user Perform personal backups from the Code42 app and administration console	Cannot add/deactivate users or computers outside their organization Limited access to the administration console command line interface (CLI) Cannot access system logs Cannot perform web restores	The user's organization and its child organizations	Administrators who only manage users and devices within a specific organization and who should not perform web restores
Org Help Desk	Administrative View (read-only) users and devices Restore files to the source user's devices using the administration console View data in the Reporting web app End user Perform personal backups from the Code42 app and administration console	Cannot change settings Cannot add/deactivate users, devices, or organizations	The user's organization and its child organizations	Help desk staff who assist others within their organization, but not reconfigure any settings
Org Legal Admin	Administrative Create, modify, and deactivate legal holds Restore files for legal hold collection purposes (push restore) Perform web restores for other users View data in the Reporting web app End user Perform personal backups from the Code42 app	No "root" level access Cannot change settings Cannot add/deactivate users, devices, or organizations	The user's organization and its child organizations	Legal personnel who need to place custodians on legal hold and administer legal holds for the entire Code42 environment, but who only need to restore files from users within their organization.
Org Manager	Administrative View (read-only) users and devices Restore files to the source user's devices using the administration console View data in the Reporting web app End user Perform personal backups from the Code42 app and administration console	Cannot change settings Cannot add/deactivate users, devices, or organizations	The user's organization and its child organizations	Executive users who need statistics, but not technical details, about their organization (not the entire Code42 environment)
Org Security Viewer	Administrative View data using the Reporting web app View data using the Security Center End user None	Cannot change settings in the organization	The user's organization and its child organizations	Information security personnel who need to retrieve information from devices that use endpoint monitoring.
PROe User	Administrative Sign in to the administration console End user None	Cannot access other information or functions of Code42 for Enterprise	Assigned user	End users in your organization
PRO-Online Admin	For CrashPlan for Small Business only. Do not use.
Push Restore	Administrative Restore files from the administration console View files within backup archives End user None	Cannot add/deactivate users, organizations, or devices	All organizations	Help desk staff who assist others with restoring data. Assign in conjunction with a role that has access to the administration console.
Remote File Selection	Administrative View files within backup archives End user None	Cannot add/deactivate users, organizations, or devices	All organizations	Help desk staff who monitor backups. Assign in conjunction with a role that has access to the administration console.
Security Center User	Administrative Use the Security Center to view user activity detected by endpoint monitoring. Manage Security Center activity profiles. End user None	Does not directly grant access to view or manage other users. Use this role in addition to an administrative role such as Org Admin.	The user's organization and its child organizations	Information security personnel who review information about devices that use endpoint monitoring.
User Modify	Administrative View users Update user information End user None	Cannot add or deactivate users Cannot update organization settings	The user's organization and its child organizations	Help desk staff who manage users, but not devices or organization settings. Assign in conjunction with a role that has access to the administration console (such as Org Helpdesk.)

Overview

Considerations

Assign role to specific user

Roles reference

Related topics