5 user privileges on a storage node, User privileges on a storage node – Acronis Backup for Windows Server Essentials - User Guide User Manual
Page 217
217
Copyright © Acronis International GmbH, 2002-2014
3. Select the storage node; then, perform the required operations as described in "Actions on
storage nodes" (p. 218).
7.5.5 User privileges on a storage node
User accounts can have the different scope of user's privileges on Acronis Backup Storage Node.
1. Acronis Centralized Admins - management server administrators, members of the Acronis
Centralized Admins group. Acronis Centralized Admins can:
Create centralized vaults to be managed by the storage node.
Add, edit, or remove Vault administrators and Vault users accounts.
View and manage any archive in any centralized vault managed by the storage node.
Manage indexing and compacting as described in "Actions on storage nodes" (p. 218).
2. Vault administrators - group or user accounts on the storage node, selected by the management
server administrator when creating or editing a vault. Vault administrators can view and manage
any archive in the specified managed vault. By default, the Administrators group on the storage
node is added to the Vault administrators.
3. Vault users - group or user accounts on the storage node, selected by the management server
administrator when creating or editing a vault. Vault users can view and manage only their own
archives in the vault. By default, the Everyone group on the storage node is added to the Vault
users.
Recommendations on user accounts
To allow users to access the centralized vaults managed by a storage node, you must ensure that
those users have a right to access the storage node from the network.
If both the users' machines and the machine with the storage node are in one Active Directory
domain, you probably do not need to perform any further steps: all users are typically members of
the Domain Users group and so can access the storage node.
Otherwise, you need to create user accounts on the machine where the storage node is installed. We
recommend creating a separate user account for each user who will access the storage node, so that
the users are able to access only the archives they own.
Additional right of machine administrators
A vault user who is a member of the Administrators group on a machine can view and manage any
archives created from that machine in a managed vault—regardless of the type of that user's account
on the storage node.
Example
Suppose that two users on a machine, UserA and UserB, perform backups from this machine to a
centralized vault managed by a storage node. On the storage node, let these users to be added as
regular (non-administrative accounts) UserA_SN and UserB_SN, respectively. While creating a
managed vault, both accounts were added as vault users.
Normally, UserA can access only the archives created by UserA (and owned by UserA_SN), and UserB
can access only the archives created by UserB (and owned by UserB_SN).
However, if UserA is a member of the Administrators group on the machine, this user can
additionally access the archives created from this machine by UserB—even though UserA's account
on the storage node is a regular one.