Overview
Your CrashPlan environment has a pre-existing set of user roles that can be applied to user accounts. These standard user roles provide administrators with the fine-grained set of permissions needed for most use cases. This article describes the available standard roles, as well as the permissions for each.
To assign roles to users, see Manage user roles . For use cases, see Role assignment use cases .
View roles
- Sign in to the CrashPlan console as a user with the Customer Cloud Admin role.
- Navigate to Administration > Environment > Users.
- Click a user row to open the user details page.
- Select Edit from the action menu in the upper-right corner.
- Click the Roles tab.
- Select a role from the Available Roles or Current Roles lists.
The permissions granted by the selected role are displayed in the Role's Permissions table.
Standard roles for CrashPlan
Admin Restore
Assign this role to administrators who restore data for users using the CrashPlan console. Assign this role in conjunction with a role that has access to the CrashPlan console, such as PROe User or Desktop User.
-
Limitations
- No access to the CrashPlan console or CrashPlan app.
-
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
restore.all | Permission to perform a full web restore for all devices user has authority to manage. |
restore.limited | Permission to perform a limited size web restore for all devices user has authority to manage. |
restore.personal | Permission to perform a personal web restore. |
Admin Restore Limited
Assign this role to administrators who restore a limited amount of data for users using the CrashPlan console. The amount that this role is limited to restore is defined by Web restore limit in organization settings. Assign this role in conjunction with a role that has access to the CrashPlan console, such as PROe User or Desktop User.
-
Limitations
- No access to the CrashPlan console or CrashPlan app.
-
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
restore.limited | Permission to perform a limited size web restore for all devices user has authority to manage. |
Alert Emails
Assign this role to administrators who want to receive warning and critical alerts emails to monitor the frequency and success of backup operations for their users' devices. A user assigned this role is added to the recipients list for email reports, and if the role is removed they are removed from the list.
-
Limitations
- No "root" level access.
-
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
ReceivesAlert.EMAIL | Permission to receive alert emails. |
Audit Log Viewer
Assign this role to information security personnel who need to review events in the Audit Log.
Assign this role in conjunction with a role that has access to the CrashPlan console, such as PROe User or Desktop User.
-
Limitations
- Cannot perform any functions except view the Audit Log.
-
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
auditlog.read |
Permission to view Audit Log events. |
Billing Admin
Assign this role to existing CrashPlan administrators who need the ability to view and update billing information.
-
Limitations
- Should not be assigned to users with the PROe User role.
- Cannot perform any functions except interact with the License Plan page.
-
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
account.create | For internal use only. |
account.read |
For internal use only. |
account.update |
For internal use only. |
Cross Org Admin
Assign this role to administrators who manage users and devices in all organizations, and who need to restore files for users.
-
Limitations
- Has only limited access to the CrashPlan console command line interface (CLI).
- Cannot access system logs.
-
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
account.update | For internal use only. |
console.login | Permission to log in to the CrashPlan console. |
cpd.restore | Permission to restore from the CrashPlan app. |
crossorg_computer.all | Permission to access, alter, or remove any computer information across the customer's organization. |
crossorg_computer.delete | Permission to delete any computer across the customer's organization. |
crossorg_computer.read | Permission to view computer information across the customer's organization. |
crossorg_computer.update | Permission to update computer information across the customer's organization. |
crossorg_org.create | Permission to create new parent organizations across the customer's organization. |
crossorg_org.delete | Permission to delete any org across the customer's organization. |
crossorg_org.read | Permission to view organization information across the customer's organization. |
crossorg_org.update_deactivate | Permission to update organization information and deactivate organizations across the customer's organization. |
crossorg_plan.all | Permission to create, read, update and delete plans across the customer's organization. |
crossorg_plan.create | Permission to create plans across the customer's organization. |
crossorg_plan.delete | Permission to delete plans across the customer's organization. |
crossorg_plan.read | Permission to read information about plans across the customer's organization. |
crossorg_plan.update | Permission to update information on plans across the customer's organization. |
crossorg_user.all | Permission to access, alter, or remove any user information across the customer's organization. |
crossorg_user.create | Permission to create users across the customer's organization. |
crossorg_user.delete | Permission to delete users across the customer's organization. |
crossorg_user.read | Permission to view user information across the customer's organization. |
crossorg_user.update | Permission to update user information across the customer's organization. |
fileforensics.settings_write | Permission to view and edit file forensics related settings. |
preservation.archive.purgepath | Permission to remove specified paths and associated file versions from archives. |
pushrestore.all | Permission to perform a push restore from and to any device the user has authority to manage. |
pushrestore.limited | Permission to perform a push restore only to the source user's devices. There is no size limit. |
pushrestore.personal | Permission to perform a personal push restore. |
restore.all | Permission to perform a full web restore for all devices user has authority to manage. |
restore.limited | Permission to perform a limited size web restore for all devices user has authority to manage. |
restore.personal | Permission to perform a personal web restore. |
search.configure | Permission to configure search related settings. |
securitytools.settings_write | Permission to edit settings for CrashPlan Security Tools. |
select.all | Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources. |
select.personal | Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. |
system.command_restricted | View the CLI and run any command for which the user has permission. |
viewlogs.device | Allows access to agent logs for any device the user has read permissions to |
Cross Org Admin - No Restore
Assign this role to administrators who manage users and devices in all organizations, but who should not restore files for users.
-
Limitations
- Cannot perform push or web restores.
- Limited access to the CrashPlan console command line interface (CLI).
- Cannot access system logs.
-
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
account.update | For internal use only. |
console.login | Permission to log in to the CrashPlan console. |
cpd.restore | Permission to restore from the CrashPlan app. |
crossorg_computer.all | Permission to access, alter, or remove any computer information across the customer's organization. |
crossorg_computer.delete | Permission to delete any computer across the customer's organization. |
crossorg_computer.read | Permission to view computer information across the customer's organization. |
crossorg_computer.update | Permission to update computer information across the customer's organization. |
crossorg_org.create | Permission to create new parent organizations across the customer's organization. |
crossorg_org.delete | Permission to delete any org across the customer's organization. |
crossorg_org.read | Permission to view organization information across the customer's organization. |
crossorg_org.update_deactivate | Permission to update organization information and deactivate organizations across the customer's organization. |
crossorg_plan.all | Permission to create, read, update and delete plans across the customer's organization. |
crossorg_plan.create | Permission to create plans across the customer's organization. |
crossorg_plan.delete | Permission to delete plans across the customer's organization. |
crossorg_plan.read | Permission to read information about plans across the customer's organization. |
crossorg_plan.update | Permission to update information on plans across the customer's organization. |
crossorg_user.all | Permission to access, alter, or remove any user information across the customer's organization. |
crossorg_user.create | Permission to create users across the customer's organization. |
crossorg_user.delete | Permission to delete users across the customer's organization. |
crossorg_user.read | Permission to view user information across the customer's organization. |
crossorg_user.update | Permission to update user information across the customer's organization. |
fileforensics.settings_write | Permission to view and edit file forensics related settings. |
pushrestore.personal | Permission to perform a personal push restore. |
search.configure | Permission to configure search related settings. |
securitytools.settings_write | Permission to edit settings for CrashPlan Security Tools. |
select.all | Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources. |
select.personal | Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. |
system.command_restricted | View the CLI and run any command for which the user has permission. |
viewlogs.device | Allows access to agent logs for any device the user has read permissions to |
Cross Org Computer Modify
Assign this role to individuals who modify device settings in all organizations. Assign in conjunction with Cross Org Help Desk to allow help desk personnel to add and deactivate user devices.
-
Limitations
- Cannot add/deactivate users or organizations.
-
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
crossorg_computer.update | Permission to update computer information across the customer's organization. |
crossorg_user.read | Permission to view user information across the customer's organization. |
Cross Org Help Desk
Assign this role to help desk personnel who assist others in all organizations, but who cannot change any settings. The people with this role can view users and devices, restore files to the source user's devices using the CrashPlan console, and use reports to view data. To allow people with this role to add and deactivate user devices, assign this role in conjunction with the Cross Org Computer Modify role.
-
Limitations
- Cannot change settings.
- Cannot add/deactivate users, devices, or organizations.
-
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
console.login | Permission to log in to the CrashPlan console. |
cpd.restore | Permission to restore from the CrashPlan app. |
crossorg_computer.read | Permission to view computer information across the customer's organization. |
crossorg_org.read | Permission to view organization information across the customer's organization. |
crossorg_plan.read | Permission to read information about plans across the customer's organization. |
crossorg_user.read | Permission to view user information across the customer's organization. |
pushrestore.limited | Permission to perform a push restore only to the source user's devices. There is no size limit. |
select.all | Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources. |
select.personal | Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. |
Cross Org Help Desk - No Restore
Assign this role to help desk personnel who assist others in all organizations, but who do not change any settings or restore files for others. People with this role can view users and devices and use reports to view data.
-
Limitations
- Cannot perform push or web restores.
- Cannot change settings.
- Cannot add/deactivate users, devices, or organizations.
-
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
console.login | Permission to log in to the CrashPlan console. |
cpd.restore | Permission to restore from the CrashPlan app. |
crossorg_computer.read | Permission to view computer information across the customer's organization. |
crossorg_org.read | Permission to view organization information across the customer's organization. |
crossorg_plan.read | Permission to read information about plans across the customer's organization. |
crossorg_user.read | Permission to view user information across the customer's organization. |
Cross Org Legal Admin
Assign this role to legal personnel who place custodians on legal hold and administer legal holds for all organizations. People with this role can restore files for legal hold collection purposes (push restore), view data in reports, and create, modify, and deactivate legal holds.
-
Limitations
- No "root" level access.
- Cannot change settings.
- Cannot add or deactivate users, devices, or organizations.
-
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
console.login | Permission to log in to the CrashPlan console. |
crossorg_computer.read | Permission to view computer information across the customer's organization. |
crossorg_org.read | Permission to view organization information across the customer's organization. |
crossorg_plan.all | Permission to create, read, update and delete plans across the customer's organization. |
crossorg_plan.create | Permission to create plans across the customer's organization. |
crossorg_plan.delete | Permission to delete plans across the customer's organization. |
crossorg_plan.read | Permission to read information about plans across the customer's organization. |
crossorg_plan.update | Permission to update information on plans across the customer's organization. |
crossorg_user.read | Permission to view user information across the customer's organization. |
legalhold.all | Permission to perform any operation regarding any Legal Hold |
legalhold.create | Permission to create a Legal Hold |
legalhold.modify_membership | Permission to add/remove users to/from any Legal Hold |
legalhold.read | Permission to view any Legal Hold |
legalhold.update | Permission to update any Legal Hold |
pushrestore.all | Permission to perform a push restore from and to any device the user has authority to manage. |
pushrestore.limited | Permission to perform a push restore only to the source user's devices. There is no size limit. |
pushrestore.personal | Permission to perform a personal push restore. |
restore.all | Permission to perform a full web restore for all devices user has authority to manage. |
restore.limited | Permission to perform a limited size web restore for all devices user has authority to manage. |
restore.personal | Permission to perform a personal web restore. |
select.all | Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources. |
select.personal | Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. |
Cross Org Manager
Assign this role to executive users who need statistics, but not technical details, about all organizations. People with this role can view users and devices, restore files to the source user's devices using the CrashPlan console, and view data in reports.
-
Limitations
- Cannot change settings.
- Cannot add/deactivate users, devices, or organizations.
-
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
console.login | Permission to log in to the CrashPlan console. |
cpd.restore | Permission to restore from the CrashPlan app. |
crossorg_computer.read | Permission to view computer information across the customer's organization. |
crossorg_org.read | Permission to view organization information across the customer's organization. |
crossorg_plan.read | Permission to read information about plans across the customer's organization. |
crossorg_user.read | Permission to view user information across the customer's organization. |
pushrestore.personal | Permission to perform a personal push restore. |
restore.limited | Permission to perform a limited size web restore for all devices user has authority to manage. |
restore.personal | Permission to perform a personal web restore. |
select.personal | Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. |
Cross Org User Modify
Assign this role to help desk personnel who modify user settings on all organizations, but not device or organization settings. This role must be assigned in conjunction with a role that has access to the CrashPlan console, such as Cross Org Help Desk.
-
Limitations
- Cannot add or deactivate users.
- Cannot update organization settings.
-
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
crossorg_user.read | Permission to view user information across the customer's organization. |
crossorg_user.update | Permission to update user information across the customer's organization. |
Customer Cloud Admin
Assign this role to "super user" administrators who should have all possible permissions. People with this role have permissions to perform the tasks of any role.
Always assign roles so that users have the lowest level of privilege needed to perform their jobs. Do not assign the Customer Cloud Admin role if another role will provide the desired permissions.
-
Limitations
- Limited access to the CrashPlan console command line interface (CLI).
- Cannot access system logs.
-
Scope of permissions
- All organizations.
Desktop User
This role is the default role for CrashPlan app users. People with this role can sign in to the CrashPlan app, select files for backup in the CrashPlan app, and restore files from the CrashPlan app.
-
Limitations
- Cannot interact with other users' data or change settings in the CrashPlan environment.
-
Scope of permissions
- Assigned user.
Permissions | Description |
---|---|
cpd.restore | Permission to restore from the CrashPlan app. |
plan.create | Permission to create plans within a user's organization hierarchy. |
restore.personal | Permission to perform a personal web restore. |
select.personal | Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. |
Desktop User - No Web Restore
Assign this role to users of the CrashPlan app who do not need to perform restores using the CrashPlan console. People with this role can still restore files from the CrashPlan app and select files for backup in the CrashPlan app.
-
Limitations
- Cannot interact with other users' data or change settings.
- Cannot perform web restores.
-
Scope of permissions
- Assigned user.
Permissions | Description |
---|---|
cpd.restore | Permission to restore from the CrashPlan app. |
select.personal | Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. |
Identity Management Administrator
Assign this role to an administrator whose work is limited to setup and maintenance of Identity Management. People assigned this role can configure single sign-on and provisioning.
The
directory.uac.elevated_role_manage
permission allows a user with this role to assign any user to any role. Always assign roles so that users have the lowest level of privilege needed to perform their jobs.-
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
console.login | Permission to log in to the CrashPlan console. |
directory.identity_management.read | View identity management integrations. |
directory.identity_management.write | Create and modify identity management integrations. |
directory.uac.elevated_role_manage | Authorize principal to manage role assignments for any customer role. |
Manifest Viewer
Assign this role to people who need to access archive metadata so they can generate reports on files and their versions. This role is used only by APIs.
-
Limitations
- Does not directly grant access to view or manage users and organizations.
-
Scope of permissions
- Used solely by APIs.
- Allows access to archives for all organizations.
Permissions | Description |
---|---|
preservation.metadata.read | Permission to view the preservation manifest for any archive in the organization. |
Multi-Factor Auth Admin
Assign this role to administrators who manage multi-factor authentication for local users within a specific organization. Assign this role in conjunction with an administrative role with organization and user access rights such as Org Admin.
-
Limitations
- Does not directly grant access to view or manage users and organizations.
-
Scope of permissions
- The user's organization and its child organizations.
Permissions | Description |
---|---|
twofactorauth.configure | Permission to view and edit two-factor auth settings for local users. |
Org Admin
Assign this role to administrators who manage users and devices within a specific organization. The person assigned this role can perform web restores, view data in reports, and update settings for users, devices, and organizations.
-
Limitations
- Limited access to the CrashPlan console command line interface (CLI).
- Cannot access system logs.
-
Scope of permissions
- The user's organization and its child organizations.
Permissions | Description |
---|---|
account.update | For internal use only. |
computer.all | Permission to access, alter, or remove any computer information. |
computer.delete | Permission to delete computer. |
computer.read | Permission to view computer information. |
computer.update | Permission to update computer information. |
console.login | Permission to log in to the CrashPlan console. |
cpd.restore | Permission to restore from the CrashPlan app. |
fileforensics.settings_write | Permission to view and edit file forensics related settings. |
org.create | Permission to create child organizations within user's organization. |
org.delete | Permission to delete information within user's organization. |
org.read | Permission to view org information within user's organization. |
org.update_deactivate | Permission to update information within a user's organization and deactivate organizations. |
plan.all | Permission to create, read, update and delete plans within a user's organization hierarchy. |
plan.create | Permission to create plans within a user's organization hierarchy. |
plan.delete | Permission to delete plans from a user's organization hierarchy. |
plan.read | Permission to read information about plans within a user's organization hierarchy. |
plan.update | Permission to update information on plans within a user's organization hierarchy. |
preservation.archive.purgepath | Permission to remove specified paths and associated file versions from archives. |
pushrestore.all | Permission to perform a push restore from and to any device the user has authority to manage. |
pushrestore.limited | Permission to perform a push restore only to the source user's devices. There is no size limit. |
pushrestore.personal | Permission to perform a personal push restore. |
restore.all | Permission to perform a full web restore for all devices user has authority to manage. |
restore.limited | Permission to perform a limited size web restore for all devices user has authority to manage. |
restore.personal | Permission to perform a personal web restore. |
search.configure | Permission to configure search related settings. |
securitytools.settings_write | Permission to edit settings for CrashPlan Security Tools. |
select.all | Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources. |
select.personal | Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. |
system.command_restricted | View the CLI and run any command for which the user has permission. |
user.all | Permission to access, alter or remove any user information. |
user.create | Permission to create users. |
user.delete | Permission to delete users. |
user.read | Permission to view user information. |
user.update | Permission to update user information. |
viewlogs.device | Allows access to agent logs for any device the user has read permissions to |
Org Admin - No Web Restore
Assign this role to administrators who manage users and devices within a specific organization and who do not perform web restores. The person assigned this role can update settings for users, devices, and organizations.
-
Limitations
- The user's organization and its child organizations.
-
Scope of permissions
- Cannot add/deactivate users or computers outside their organization.
- Limited access to the CrashPlan console command line interface (CLI).
- Cannot access system logs.
- Cannot perform web restores.
Permissions | Description |
---|---|
account.update | For internal use only. |
computer.all | Permission to access, alter, or remove any computer information. |
computer.delete | Permission to delete computer. |
computer.read | Permission to view computer information. |
computer.update | Permission to update computer information. |
console.login | Permission to log in to the CrashPlan console. |
cpd.restore | Permission to restore from the CrashPlan app. |
fileforensics.settings_write | Permission to view and edit file forensics related settings. |
org.create | Permission to create child organizations within user's organization. |
org.delete | Permission to delete information within user's organization. |
org.read | Permission to view org information within user's organization. |
org.update_deactivate | Permission to update information within a user's organization and deactivate organizations. |
plan.all | Permission to create, read, update and delete plans within a user's organization hierarchy. |
plan.create | Permission to create plans within a user's organization hierarchy. |
plan.delete | Permission to delete plans from a user's organization hierarchy. |
plan.read | Permission to read information about plans within a user's organization hierarchy. |
plan.update | Permission to update information on plans within a user's organization hierarchy. |
pushrestore.all | Permission to perform a push restore from and to any device the user has authority to manage. |
pushrestore.limited | Permission to perform a push restore only to the source user's devices. There is no size limit. |
pushrestore.personal | Permission to perform a personal push restore. |
search.configure | Permission to configure search related settings. |
securitytools.settings_write | Permission to edit settings for CrashPlan Security Tools. |
select.all | Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources. |
select.personal | Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. |
system.command_restricted | View the CLI and run any command for which the user has permission. |
user.all | Permission to access, alter or remove any user information. |
user.create | Permission to create users. |
user.delete | Permission to delete users. |
user.read | Permission to view user information. |
user.update | Permission to update user information. |
viewlogs.device | Allows access to agent logs for any device the user has read permissions to |
Org Computer Modify
Assign this role to individuals who modify device settings in their organization. Assign in conjunction with Org Help Desk to enable help desk personnel to add and deactivate user devices.
-
Limitations
- Cannot modify settings of devices in other organizations.
- Cannot add/deactivate users or organizations.
-
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
computer.update | Permission to update computer information. |
user.read | Permission to view user information. |
Org Help Desk
Assign this role to help desk personnel who assist others in their organization, but who do not change any settings. The people with this role can view users and devices, restore files to the source user's devices using the CrashPlan console, and use reports to view data. To allow people with this role to add and deactivate devices, assign this role in conjunction with the Org Computer Modify role.
-
Limitations
- Cannot change settings.
- Cannot add/deactivate users, devices, or organizations.
-
Scope of permissions
- The user's organization and its child organizations.
Permissions | Description |
---|---|
computer.read | Permission to view computer information. |
console.login | Permission to log in to the CrashPlan console. |
cpd.restore | Permission to restore from the CrashPlan app. |
org.read | Permission to view org information within user's organization. |
plan.read | Permission to read information about plans within a user's organization hierarchy. |
pushrestore.limited | Permission to perform a push restore only to the source user's devices. There is no size limit. |
select.all | Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources. |
select.personal | Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. |
user.read | Permission to view user information. |
Org Help Desk - No Restore
Assign this role to help desk personnel who assist others in their organization, but who do not change any settings or restore files for others. People with this role can view users and devices.
-
Limitations
- Cannot perform push or web restores.
- Cannot change settings.
- Cannot add/deactivate users, devices, or organizations.
-
Scope of permissions
- The user's organization and its child organizations.
Permissions | Description |
---|---|
computer.read | Permission to view computer information. |
console.login | Permission to log in to the CrashPlan console. |
cpd.restore | Permission to restore from the CrashPlan app. |
org.read | Permission to view org information within user's organization. |
plan.read | Permission to read information about plans within a user's organization hierarchy. |
user.read | Permission to view user information. |
Org Legal Admin
Assign this role to legal personnel who place custodians on legal hold and administer legal holds for all organizations, but who only need to restore files from users within their organization. People with this role can restore files for legal hold collection purposes (push restore), and create, modify, and deactivate legal holds.
-
Limitations
- No "root" level access.
- Cannot change settings.
- Cannot add/deactivate users, devices, or organizations.
-
Scope of permissions
- The user's organization and its child organizations.
Permissions | Description |
---|---|
computer.read | Permission to view computer information. |
console.login | Permission to log in to the CrashPlan console. |
legalhold.all | Permission to perform any operation regarding any Legal Hold |
legalhold.create | Permission to create a Legal Hold |
legalhold.modify_membership | Permission to add/remove users to/from any Legal Hold |
legalhold.read | Permission to view any Legal Hold |
legalhold.update | Permission to update any Legal Hold |
org.read | Permission to view org information within user's organization. |
plan.all | Permission to create, read, update and delete plans within a user's organization hierarchy. |
plan.create | Permission to create plans within a user's organization hierarchy. |
plan.delete | Permission to delete plans from a user's organization hierarchy. |
plan.read | Permission to read information about plans within a user's organization hierarchy. |
plan.update | Permission to update information on plans within a user's organization hierarchy. |
pushrestore.all | Permission to perform a push restore from and to any device the user has authority to manage. |
pushrestore.limited | Permission to perform a push restore only to the source user's devices. There is no size limit. |
pushrestore.personal | Permission to perform a personal push restore. |
restore.all | Permission to perform a full web restore for all devices user has authority to manage. |
restore.limited | Permission to perform a limited size web restore for all devices user has authority to manage. |
restore.personal | Permission to perform a personal web restore. |
select.all | Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources. |
select.personal | Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. |
user.read | Permission to view user information. |
Org Manager
Assign this role to executive users who need statistics, but not technical details, about their organization. People with this role can view users and devices, restore files to the source user's devices using the CrashPlan console, and view data in reports.
-
Limitations
- Cannot change settings.
- Cannot add/deactivate users, devices, or organizations.
-
Scope of permissions
- The user's organization and its child organizations.
Permissions | Description |
---|---|
computer.read | Permission to view computer information. |
console.login | Permission to log in to the CrashPlan console. |
cpd.restore | Permission to restore from the CrashPlan app. |
org.read | Permission to view org information within user's organization. |
plan.read | Permission to read information about plans within a user's organization hierarchy. |
pushrestore.personal | Permission to perform a personal push restore. |
restore.limited | Permission to perform a limited size web restore for all devices user has authority to manage. |
restore.personal | Permission to perform a personal web restore. |
select.personal | Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. |
user.read | Permission to view user information. |
viewlogs.device | Allows access to agent logs for any device the user has read permissions to |
PROe User
This role is the default role for CrashPlan console users. People with this role can sign in to the CrashPlan console and restore files from the CrashPlan console.
-
Limitations
- Cannot access other information or functions of CrashPlan.
-
Scope of permissions
- Assigned user.
Permissions | Description |
---|---|
console.login | Permission to log in to the CrashPlan console. |
cpd.restore | Permission to restore from the CrashPlan app. |
Push Restore
Assign this role to help desk personnel who assist others with restoring data. People with this role can restore files from the CrashPlan console and view files within backup archives. Assign this role in conjunction with a role that has access to the CrashPlan console, such as Org Help Desk.
-
Limitations
- Cannot add/deactivate users, organizations, or devices.
-
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
pushrestore.all | Permission to perform a push restore from and to any device the user has authority to manage. |
pushrestore.limited | Permission to perform a push restore only to the source user's devices. There is no size limit. |
pushrestore.personal | Permission to perform a personal push restore. |
select.all | Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources. |
select.personal | Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. |
Remote File Selection
Assign this role to help desk personnel who monitor backups by viewing files within backup archives. Assign this role in conjunction with a role that has access to the CrashPlan console, such as Org Help Desk - No Restore.
-
Limitations
- Cannot add/deactivate users, organizations, or devices.
-
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
select.all | Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources. |
select.personal | Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources. |
Security Administrator
Assign this role to an administrator whose work is limited to setup and maintenance of the CrashPlan installation. People assigned this role can perform client management jobs that include app downloads, deployment policies, customizations, and CrashPlan app upgrades.
Assign this role instead of the Customer Cloud Admin role if the administrator's job is limited to setup and maintenance of the CrashPlan installation.
-
Limitations
- Cannot add or deactivate users.
-
Scope of permissions
- All organizations.
Permissions | Description |
---|---|
client_management.agent_channel_upgrade.read | Permission to read AgentUpgradeChannel information. |
client_management.agent_channel_upgrade.subscribe | Permission to subscribe to an AgentUpgradeChannel. |
client_management.deployment_policy.read | Permission to read DeploymentPolicy information. |
client_management.deployment_policy.write | Permission to write DeploymentPolicy information. |
client_management.device_upgrade.read | Permission to read DeviceUpgrade (DCU) settings. |
client_management.device_upgrade.write | Permission to write DeviceUpgrade (DCU) settings. |
console.login | Permission to log in to the CrashPlan console. |
customer_admin.all | Permission to configure settings for your entire environment, such as subscription information and single sign-on (SSO). |
dataconnections.settings.read | View all settings configured for Data Connections. |
dataconnections.settings.write | Add, edit, and remove settings configured for Data Connections. |
User Modify
Assign this role to help desk personnel who modify user settings in their organization, but who do not modify device or organization settings. This role must be assigned in conjunction with a role that has access to the CrashPlan console, such as Cross Org Help Desk.
-
Limitations Scope of permissions
- Cannot add or deactivate users.
- Cannot update organization settings.
- The user's organization and its child organizations.
Permissions | Description |
---|---|
user.read | Permission to view user information. |
user.update | Permission to update user information. |