Roles reference

Overview

Your CrashPlan environment has a pre-existing set of user roles that can be applied to user accounts. These standard user roles provide administrators with the fine-grained set of permissions needed for most use cases. This article describes the available standard roles, as well as the permissions for each.

To assign roles to users, see Manage user roles (CrashPlan). For use cases, see Role assignment use cases (CrashPlan).

View roles

  1. Sign in to the CrashPlan console as a user with the Customer Cloud Admin role.
  2. Navigate to Administration > Environment > Users
  3. Click a user row to open the user details page. 
  4. Select Edit from the action menu in the upper-right corner.
  5. Click the Roles tab. 
  6. Select a role from the Available Roles or Current Roles lists.
    The permissions granted by the selected role are displayed in the Role's Permissions table. 

edit roles.png

Standard roles for CrashPlan

Admin Restore

Assign this role to administrators who restore data for users using the CrashPlan console. Assign this role in conjunction with a role that has access to the CrashPlan console, such as PROe User or Desktop User.

  • Limitations 
    • No access to the CrashPlan console or CrashPlan app.
  • Scope of permissions
    • All organizations.
Permissions Description
restore.all Permission to perform a full web restore for all devices user has authority to manage.
restore.limited Permission to perform a limited size web restore for all devices user has authority to manage.
restore.personal Permission to perform a personal web restore.


Admin Restore Limited

Assign this role to administrators who restore a limited amount of data for users using the CrashPlan console. The amount that this role is limited to restore is defined by Web restore limit in organization settings. Assign this role in conjunction with a role that has access to the CrashPlan console, such as PROe User or Desktop User.

  • Limitations 
    • No access to the CrashPlan console or CrashPlan app.
  • Scope of permissions
    • All organizations.
Permissions Description
restore.limited Permission to perform a limited size web restore for all devices user has authority to manage.


Alert Emails

Assign this role to administrators who want to receive warning and critical alerts emails to monitor the frequency and success of backup operations for their users' devices.

  • Limitations 
    • No "root" level access.
  • Scope of permissions
    • All organizations.
Permissions Description
ReceivesAlert.EMAIL Permission to receive alert emails.


Audit Log Viewer

Assign this role to information security personnel who need to review events in the Audit Log

Assign this role in conjunction with a role that has access to the CrashPlan console, such as PROe User or Desktop User.

  • Limitations 
    • Cannot perform any functions except view the Audit Log.
  • Scope of permissions
    • All organizations.
Permissions Description
auditlog.read Permission to view Audit Log events.


Cross Org Admin

Assign this role to administrators who manage users and devices in all organizations, and who need to restore files for users. 

  • Limitations 
    • Has only limited access to the CrashPlan console command line interface (CLI).
    • Cannot access system logs.
  • Scope of permissions
    • All organizations.
Permissions Description
account.update For internal use only.
console.login Permission to log in to the CrashPlan console.
cpd.restore Permission to restore from the CrashPlan app.
crossorg_computer.all Permission to access, alter, or remove any computer information across the customer's organization.
crossorg_computer.delete Permission to delete any computer across the customer's organization.
crossorg_computer.read Permission to view computer information across the customer's organization.
crossorg_computer.update Permission to update computer information across the customer's organization.
crossorg_org.create Permission to create new parent organizations across the customer's organization.
crossorg_org.delete Permission to delete any org across the customer's organization.
crossorg_org.read Permission to view organization information across the customer's organization.
crossorg_org.update_deactivate Permission to update organization information and deactivate organizations across the customer's organization.
crossorg_plan.all Permission to create, read, update and delete plans across the customer's organization.
crossorg_plan.create Permission to create plans across the customer's organization.
crossorg_plan.delete Permission to delete plans across the customer's organization.
crossorg_plan.read Permission to read information about plans across the customer's organization.
crossorg_plan.update Permission to update information on plans across the customer's organization.
crossorg_user.all Permission to access, alter, or remove any user information across the customer's organization.
crossorg_user.create Permission to create users across the customer's organization.
crossorg_user.delete Permission to delete users across the customer's organization.
crossorg_user.read Permission to view user information across the customer's organization.
crossorg_user.update Permission to update user information across the customer's organization.
fileforensics.settings_write Permission to view and edit file forensics related settings.
preservation.archive.purgepath Permission to remove specified paths and associated file versions from archives.
pushrestore.all Permission to perform a push restore from and to any device the user has authority to manage.
pushrestore.limited Permission to perform a push restore only to the source user's devices. There is no size limit.
pushrestore.personal Permission to perform a personal push restore.
restore.all Permission to perform a full web restore for all devices user has authority to manage.
restore.limited Permission to perform a limited size web restore for all devices user has authority to manage.
restore.personal Permission to perform a personal web restore.
search.configure Permission to configure search related settings.
securitytools.settings_write Permission to edit settings for CrashPlan Security Tools.
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.
system.command_restricted View the CLI and run any command for which the user has permission.
viewlogs.device Allows access to agent logs for any device the user has read permissions to


Cross Org Admin - No Restore

Assign this role to administrators who manage users and devices in all organizations, but who should not restore files for users. 

  • Limitations 
    • Cannot perform push or web restores.
    • Limited access to the CrashPlan console command line interface (CLI).
    • Cannot access system logs.
  • Scope of permissions
    • All organizations.
Permissions Description
account.update For internal use only.
console.login Permission to log in to the CrashPlan console.
cpd.restore Permission to restore from the CrashPlan app.
crossorg_computer.all Permission to access, alter, or remove any computer information across the customer's organization.
crossorg_computer.delete Permission to delete any computer across the customer's organization.
crossorg_computer.read Permission to view computer information across the customer's organization.
crossorg_computer.update Permission to update computer information across the customer's organization.
crossorg_org.create Permission to create new parent organizations across the customer's organization.
crossorg_org.delete Permission to delete any org across the customer's organization.
crossorg_org.read Permission to view organization information across the customer's organization.
crossorg_org.update_deactivate Permission to update organization information and deactivate organizations across the customer's organization.
crossorg_plan.all Permission to create, read, update and delete plans across the customer's organization.
crossorg_plan.create Permission to create plans across the customer's organization.
crossorg_plan.delete Permission to delete plans across the customer's organization.
crossorg_plan.read Permission to read information about plans across the customer's organization.
crossorg_plan.update Permission to update information on plans across the customer's organization.
crossorg_user.all Permission to access, alter, or remove any user information across the customer's organization.
crossorg_user.create Permission to create users across the customer's organization.
crossorg_user.delete Permission to delete users across the customer's organization.
crossorg_user.read Permission to view user information across the customer's organization.
crossorg_user.update Permission to update user information across the customer's organization.
fileforensics.settings_write Permission to view and edit file forensics related settings.
pushrestore.personal Permission to perform a personal push restore.
   
search.configure Permission to configure search related settings.
securitytools.settings_write Permission to edit settings for CrashPlan Security Tools.
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.
system.command_restricted View the CLI and run any command for which the user has permission.
viewlogs.device Allows access to agent logs for any device the user has read permissions to


Cross Org Computer Modify

Assign this role to individuals who modify device settings in all organizations. Assign in conjunction with Cross Org Help Desk to allow help desk personnel to add and deactivate user devices.

  • Limitations 
    • Cannot add/deactivate users or organizations.
  • Scope of permissions
    • All organizations.
Permissions Description
crossorg_computer.update Permission to update computer information across the customer's organization.
crossorg_user.read Permission to view user information across the customer's organization.


Cross Org Help Desk

Assign this role to help desk personnel who assist others in all organizations, but who cannot change any settings. The people with this role can view users and devices, restore files to the source user's devices using the CrashPlan console, and use reports to view data. To allow people with this role to add and deactivate user devices, assign this role in conjunction with the Cross Org Computer Modify role. 

  • Limitations 
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • All organizations.
Permissions Description
console.login Permission to log in to the CrashPlan console.
cpd.restore Permission to restore from the CrashPlan app.
crossorg_computer.read Permission to view computer information across the customer's organization.
crossorg_org.read Permission to view organization information across the customer's organization.
crossorg_plan.read Permission to read information about plans across the customer's organization.
crossorg_user.read Permission to view user information across the customer's organization.
pushrestore.limited Permission to perform a push restore only to the source user's devices. There is no size limit.
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.


Cross Org Help Desk - No Restore

Assign this role to help desk personnel who assist others in all organizations, but who do not change any settings or restore files for others. People with this role can view users and devices and use reports to view data.

  • Limitations 
    • Cannot perform push or web restores.
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • All organizations.
Permissions Description
console.login Permission to log in to the CrashPlan console.
cpd.restore Permission to restore from the CrashPlan app.
crossorg_computer.read Permission to view computer information across the customer's organization.
crossorg_org.read Permission to view organization information across the customer's organization.
crossorg_plan.read Permission to read information about plans across the customer's organization.
crossorg_user.read Permission to view user information across the customer's organization.


Cross Org Legal Admin

Assign this role to legal personnel who place custodians on legal hold and administer legal holds for all organizations. People with this role can restore files for legal hold collection purposes (push restore), view data in reports, and create, modify, and deactivate legal holds.

  • Limitations 
    • No "root" level access.
    • Cannot change settings.
    • Cannot add or deactivate users, devices, or organizations.
  • Scope of permissions
    • All organizations.
Permissions Description
console.login Permission to log in to the CrashPlan console.
crossorg_computer.read Permission to view computer information across the customer's organization.
crossorg_org.read Permission to view organization information across the customer's organization.
crossorg_plan.all Permission to create, read, update and delete plans across the customer's organization.
crossorg_plan.create Permission to create plans across the customer's organization.
crossorg_plan.delete Permission to delete plans across the customer's organization.
crossorg_plan.read Permission to read information about plans across the customer's organization.
crossorg_plan.update Permission to update information on plans across the customer's organization.
crossorg_user.read Permission to view user information across the customer's organization.
legalhold.all Permission to perform any operation regarding any Legal Hold
legalhold.create Permission to create a Legal Hold
legalhold.modify_membership Permission to add/remove users to/from any Legal Hold
legalhold.read Permission to view any Legal Hold
legalhold.update Permission to update any Legal Hold
pushrestore.all Permission to perform a push restore from and to any device the user has authority to manage.
pushrestore.limited Permission to perform a push restore only to the source user's devices. There is no size limit.
pushrestore.personal Permission to perform a personal push restore.
restore.all Permission to perform a full web restore for all devices user has authority to manage.
restore.limited Permission to perform a limited size web restore for all devices user has authority to manage.
restore.personal Permission to perform a personal web restore.
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.


Cross Org Manager

Assign this role to executive users who need statistics, but not technical details, about all organizations. People with this role can view users and devices, restore files to the source user's devices using the CrashPlan console, and view data in reports.

  • Limitations 
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • All organizations.
Permissions Description
console.login Permission to log in to the CrashPlan console.
cpd.restore Permission to restore from the CrashPlan app.
crossorg_computer.read Permission to view computer information across the customer's organization.
crossorg_org.read Permission to view organization information across the customer's organization.
crossorg_plan.read Permission to read information about plans across the customer's organization.
crossorg_user.read Permission to view user information across the customer's organization.
pushrestore.personal Permission to perform a personal push restore.
restore.limited Permission to perform a limited size web restore for all devices user has authority to manage.
restore.personal Permission to perform a personal web restore.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.
 

Cross Org User Modify

Assign this role to help desk personnel who modify user settings on all organizations, but not device or organization settings. This role must be assigned in conjunction with a role that has access to the CrashPlan console, such as Cross Org Help Desk.

  • Limitations 
    • Cannot add or deactivate users.
    • Cannot update organization settings.
  • Scope of permissions
    • All organizations.
Permissions Description
crossorg_user.read Permission to view user information across the customer's organization.
crossorg_user.update Permission to update user information across the customer's organization.


Customer Cloud Admin

Assign this role to "super user" administrators who should have all possible permissions. People with this role have permissions to perform the tasks of any role.

Use with caution
Always assign roles so that users have the lowest level of privilege needed to perform their jobs. Do not assign the Customer Cloud Admin role if another role will provide the desired permissions. 
  • Limitations 
    • Limited access to the CrashPlan console command line interface (CLI).
    • Cannot access system logs.
  • Scope of permissions
    • All organizations.
 

Desktop User

This role is the default role for CrashPlan app users. People with this role can sign in to the CrashPlan app, select files for backup in the CrashPlan app, and restore files from the CrashPlan app.

  • Limitations 
    • Cannot interact with other users' data or change settings in the CrashPlan environment.
  • Scope of permissions
    • Assigned user.
Permissions Description
cpd.restore Permission to restore from the CrashPlan app.
plan.create Permission to create plans within a user's organization hierarchy.
restore.personal Permission to perform a personal web restore.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.


Desktop User - No Web Restore

Assign this role to users of the CrashPlan app who do not need to perform restores using the CrashPlan console. People with this role can still restore files from the CrashPlan app and select files for backup in the CrashPlan app.

  • Limitations 
    • Cannot interact with other users' data or change settings.
    • Cannot perform web restores.
  • Scope of permissions
    • Assigned user.
Permissions Description
cpd.restore Permission to restore from the CrashPlan app.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.


Identity Management Administrator

Assign this role to an administrator whose work is limited to setup and maintenance of Identity Management. People assigned this role can configure single sign-on and provisioning

Use with caution
The directory.uac.elevated_role_manage permission allows a user with this role to assign any user to any role. Always assign roles so that users have the lowest level of privilege needed to perform their jobs.
  • Scope of permissions
    • All organizations.
Permissions Description
console.login Permission to log in to the CrashPlan console.
directory.identity_management.read View identity management integrations.
directory.identity_management.write Create and modify identity management integrations.
directory.uac.elevated_role_manage Authorize principal to manage role assignments for any customer role.


Manifest Viewer

Assign this role to people who need to access archive metadata so they can generate reports on files and their versions. This role is used only by APIs.

  • Limitations 
    • Does not directly grant access to view or manage users and organizations.
  • Scope of permissions
    • Used solely by APIs.
    • Allows access to archives for all organizations.
Permissions Description
preservation.metadata.read Permission to view the preservation manifest for any archive in the organization.


Multi-Factor Auth Admin

Assign this role to administrators who manage two-factor authentication for local users within a specific organization. Assign this role in conjunction with an administrative role with organization and user access rights such as Org Admin.

  • Limitations 
    • Does not directly grant access to view or manage users and organizations.
  • Scope of permissions
    • The user's organization and its child organizations.
Permissions Description
twofactorauth.configure Permission to view and edit two-factor auth settings for local users.


Org Admin

Assign this role to administrators who manage users and devices within a specific organization. The person assigned this role can perform web restores, view data in reports, and update settings for users, devices, and organizations.

  • Limitations 
    • Limited access to the CrashPlan console command line interface (CLI).
    • Cannot access system logs.
  • Scope of permissions
    • The user's organization and its child organizations.
Permissions Description
account.update For internal use only.
computer.all Permission to access, alter, or remove any computer information.
computer.delete Permission to delete computer.
computer.read Permission to view computer information.
computer.update Permission to update computer information.
console.login Permission to log in to the CrashPlan console.
cpd.restore Permission to restore from the CrashPlan app.
fileforensics.settings_write Permission to view and edit file forensics related settings.
org.create Permission to create child organizations within user's organization.
org.delete Permission to delete information within user's organization.
org.read Permission to view org information within user's organization.
org.update_deactivate Permission to update information within a user's organization and deactivate organizations.
plan.all Permission to create, read, update and delete plans within a user's organization hierarchy.
plan.create Permission to create plans within a user's organization hierarchy.
plan.delete Permission to delete plans from a user's organization hierarchy.
plan.read Permission to read information about plans within a user's organization hierarchy.
plan.update Permission to update information on plans within a user's organization hierarchy.
preservation.archive.purgepath Permission to remove specified paths and associated file versions from archives.
pushrestore.all Permission to perform a push restore from and to any device the user has authority to manage.
pushrestore.limited Permission to perform a push restore only to the source user's devices. There is no size limit.
pushrestore.personal Permission to perform a personal push restore.
restore.all Permission to perform a full web restore for all devices user has authority to manage.
restore.limited Permission to perform a limited size web restore for all devices user has authority to manage.
restore.personal Permission to perform a personal web restore.
search.configure Permission to configure search related settings.
securitytools.settings_write Permission to edit settings for CrashPlan Security Tools.
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.
system.command_restricted View the CLI and run any command for which the user has permission.
user.all Permission to access, alter or remove any user information.
user.create Permission to create users.
user.delete Permission to delete users.
user.read Permission to view user information.
user.update Permission to update user information.
viewlogs.device Allows access to agent logs for any device the user has read permissions to


Org Admin - No Web Restore

Assign this role to administrators who manage users and devices within a specific organization and who do not perform web restores. The person assigned this role can update settings for users, devices, and organizations.

  • Limitations 
    • The user's organization and its child organizations.
  • Scope of permissions
    • Cannot add/deactivate users or computers outside their organization.
    • Limited access to the CrashPlan console command line interface (CLI).
    • Cannot access system logs.
    • Cannot perform web restores.
Permissions Description
account.update For internal use only.
computer.all Permission to access, alter, or remove any computer information.
computer.delete Permission to delete computer.
computer.read Permission to view computer information.
computer.update Permission to update computer information.
console.login Permission to log in to the CrashPlan console.
cpd.restore Permission to restore from the CrashPlan app.
fileforensics.settings_write Permission to view and edit file forensics related settings.
org.create Permission to create child organizations within user's organization.
org.delete Permission to delete information within user's organization.
org.read Permission to view org information within user's organization.
org.update_deactivate Permission to update information within a user's organization and deactivate organizations.
plan.all Permission to create, read, update and delete plans within a user's organization hierarchy.
plan.create Permission to create plans within a user's organization hierarchy.
plan.delete Permission to delete plans from a user's organization hierarchy.
plan.read Permission to read information about plans within a user's organization hierarchy.
plan.update Permission to update information on plans within a user's organization hierarchy.
pushrestore.all Permission to perform a push restore from and to any device the user has authority to manage.
pushrestore.limited Permission to perform a push restore only to the source user's devices. There is no size limit.
pushrestore.personal Permission to perform a personal push restore.
search.configure Permission to configure search related settings.
securitytools.settings_write Permission to edit settings for CrashPlan Security Tools.
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.
system.command_restricted View the CLI and run any command for which the user has permission.
user.all Permission to access, alter or remove any user information.
user.create Permission to create users.
user.delete Permission to delete users.
user.read Permission to view user information.
user.update Permission to update user information.
viewlogs.device Allows access to agent logs for any device the user has read permissions to


Org Computer Modify

Assign this role to individuals who modify device settings in their organization. Assign in conjunction with Org Help Desk to enable help desk personnel to add and deactivate user devices.

  • Limitations 
    • Cannot modify settings of devices in other organizations.
    • Cannot add/deactivate users or organizations.
  • Scope of permissions
    • All organizations.
Permissions Description
computer.update Permission to update computer information.
user.read Permission to view user information.


Org Help Desk

Assign this role to help desk personnel who assist others in their organization, but who do not change any settings. The people with this role can view users and devices, restore files to the source user's devices using the CrashPlan console, and use reports to view data. To allow people with this role to add and deactivate devices, assign this role in conjunction with the Org Computer Modify role. 

  • Limitations 
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • The user's organization and its child organizations.
Permissions Description
computer.read Permission to view computer information.
console.login Permission to log in to the CrashPlan console.
cpd.restore Permission to restore from the CrashPlan app.
org.read Permission to view org information within user's organization.
plan.read Permission to read information about plans within a user's organization hierarchy.
pushrestore.limited Permission to perform a push restore only to the source user's devices. There is no size limit.
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.
user.read Permission to view user information.


Org Help Desk - No Restore

Assign this role to help desk personnel who assist others in their organization, but who do not change any settings or restore files for others. People with this role can view users and devices.

  • Limitations 
    • Cannot perform push or web restores.
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • The user's organization and its child organizations.
Permissions Description
computer.read Permission to view computer information.
console.login Permission to log in to the CrashPlan console.
cpd.restore Permission to restore from the CrashPlan app.
org.read Permission to view org information within user's organization.
plan.read Permission to read information about plans within a user's organization hierarchy.
user.read Permission to view user information.


Org Legal Admin

Assign this role to legal personnel who place custodians on legal hold and administer legal holds for all organizations, but who only need to restore files from users within their organization. People with this role can restore files for legal hold collection purposes (push restore), and create, modify, and deactivate legal holds.

  • Limitations 
    • No "root" level access.
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • The user's organization and its child organizations.
Permissions Description
computer.read Permission to view computer information.
console.login Permission to log in to the CrashPlan console.
legalhold.all Permission to perform any operation regarding any Legal Hold
legalhold.create Permission to create a Legal Hold
legalhold.modify_membership Permission to add/remove users to/from any Legal Hold
legalhold.read Permission to view any Legal Hold
legalhold.update Permission to update any Legal Hold
org.read Permission to view org information within user's organization.
plan.all Permission to create, read, update and delete plans within a user's organization hierarchy.
plan.create Permission to create plans within a user's organization hierarchy.
plan.delete Permission to delete plans from a user's organization hierarchy.
plan.read Permission to read information about plans within a user's organization hierarchy.
plan.update Permission to update information on plans within a user's organization hierarchy.
pushrestore.all Permission to perform a push restore from and to any device the user has authority to manage.
pushrestore.limited Permission to perform a push restore only to the source user's devices. There is no size limit.
pushrestore.personal Permission to perform a personal push restore.
restore.all Permission to perform a full web restore for all devices user has authority to manage.
restore.limited Permission to perform a limited size web restore for all devices user has authority to manage.
restore.personal Permission to perform a personal web restore.
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.
user.read Permission to view user information.


Org Manager

Assign this role to executive users who need statistics, but not technical details, about their organization. People with this role can view users and devices, restore files to the source user's devices using the CrashPlan console, and view data in reports.

  • Limitations 
    • Cannot change settings.
    • Cannot add/deactivate users, devices, or organizations.
  • Scope of permissions
    • The user's organization and its child organizations.
Permissions Description
computer.read Permission to view computer information.
console.login Permission to log in to the CrashPlan console.
cpd.restore Permission to restore from the CrashPlan app.
org.read Permission to view org information within user's organization.
plan.read Permission to read information about plans within a user's organization hierarchy.
pushrestore.personal Permission to perform a personal push restore.
restore.limited Permission to perform a limited size web restore for all devices user has authority to manage.
restore.personal Permission to perform a personal web restore.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.
user.read Permission to view user information.
viewlogs.device Allows access to agent logs for any device the user has read permissions to

 


PROe User

This role is the default role for CrashPlan console users. People with this role can sign in to the CrashPlan console and restore files from the CrashPlan console.

  • Limitations 
    • Cannot access other information or functions of CrashPlan Cloud.
  • Scope of permissions
    • Assigned user.
Permissions Description
console.login Permission to log in to the CrashPlan console.
cpd.restore Permission to restore from the CrashPlan app.


Push Restore

Assign this role to help desk personnel who assist others with restoring data. People with this role can restore files from the CrashPlan console and view files within backup archives. Assign this role in conjunction with a role that has access to the CrashPlan console, such as Org Help Desk

  • Limitations 
    • Cannot add/deactivate users, organizations, or devices.
  • Scope of permissions
    • All organizations.
Permissions Description
pushrestore.all Permission to perform a push restore from and to any device the user has authority to manage.
pushrestore.limited Permission to perform a push restore only to the source user's devices. There is no size limit.
pushrestore.personal Permission to perform a personal push restore.
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.


Remote File Selection

Assign this role to help desk personnel who monitor backups by viewing files within backup archives. Assign this role in conjunction with a role that has access to the CrashPlan console, such as Org Help Desk - No Restore.

  • Limitations 
    • Cannot add/deactivate users, organizations, or devices.
  • Scope of permissions
    • All organizations.
Permissions Description
select.all Permission to remotely browse file and directory names for all devices user has authority to manage. Used for remotely selecting push-restore destination and backup sources.
select.personal Permission to remotely browse file and directory names for personal devices. Used for remotely selecting push-restore destination and backup sources.


Security Administrator

Assign this role to an administrator whose work is limited to setup and maintenance of the CrashPlan installation. People assigned this role can perform client management jobs that include app downloadsdeployment policies, customizations, and CrashPlan app upgrades.

Assign this role instead of the Customer Cloud Admin role if the administrator's job is limited to setup and maintenance of the CrashPlan installation. 

  • Limitations 
    • Cannot add or deactivate users.
  • Scope of permissions
    • All organizations.
Permissions Description
client_management.agent_channel_upgrade.read Permission to read AgentUpgradeChannel information.
client_management.agent_channel_upgrade.subscribe Permission to subscribe to an AgentUpgradeChannel.
client_management.deployment_policy.read Permission to read DeploymentPolicy information.
client_management.deployment_policy.write Permission to write DeploymentPolicy information.
client_management.device_upgrade.read Permission to read DeviceUpgrade (DCU) settings.
client_management.device_upgrade.write Permission to write DeviceUpgrade (DCU) settings.
console.login Permission to log in to the CrashPlan console.
customer_admin.all Permission to configure settings for your entire environment, such as subscription information and single sign-on (SSO).
dataconnections.settings.read View all settings configured for Data Connections.
dataconnections.settings.write Add, edit, and remove settings configured for Data Connections.
 

 

User Modify

Assign this role to help desk personnel who modify user settings in their organization, but who do not modify device or organization settings. This role must be assigned in conjunction with a role that has access to the CrashPlan console, such as Cross Org Help Desk.

  • Limitations Scope of permissions
    • Cannot add or deactivate users.
    • Cannot update organization settings.
    • The user's organization and its child organizations.
Permissions Description
user.read Permission to view user information.
user.update Permission to update user information.
 
Was this article helpful?
0 out of 0 found this helpful

Articles in this section