
Role based access control

Role Based Access Control (RBAC) gives Alcion users fine-grained control over user permissions, allowing them to define permission boundaries for specific users.

Here are the key RBAC concepts.

  • Each user can have one or more roles.
  • Each role can have zero or more permissions.
  • A user can perform an operation if, and only if, at least one of their roles provides the required permission.
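The three rules above, written as a deny-by-default check. This is an added example, not Alcion code: the permission names, the `Empty` role, and the BackupOperator grants are constructed for illustration, and only the statement that Admin may perform any operation comes from this page.

```python
from dataclasses import dataclass, field

# Hypothetical permission names, loosely modelled on operations in this page's tables.
ALL_PERMISSIONS = frozenset({
    "resources:view", "backups:initiate", "backups:restore", "billing:manage",
})

# Role -> permissions. Admin may perform any operation (stated on this page).
# The BackupOperator grants are CONSTRUCTED sample data, not Alcion's actual
# role definition.
ROLES = {
    "Admin": ALL_PERMISSIONS,
    "BackupOperator": frozenset({"resources:view", "backups:initiate"}),
    "Empty": frozenset(),  # hypothetical role with zero permissions
}


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset = field(default_factory=frozenset)  # one or more role names


def effective_permissions(user, roles=ROLES):
    """Union of the permissions of every role the user holds.

    A role name missing from the role table contributes nothing (fail closed).
    """
    perms = set()
    for role_name in user.roles:
        perms |= roles.get(role_name, frozenset())
    return frozenset(perms)


def is_allowed(user, permission, roles=ROLES):
    """Allow if, and only if, at least one of the user's roles grants the permission."""
    if permission not in ALL_PERMISSIONS:
        return False  # an undefined permission is never granted
    return permission in effective_permissions(user, roles)


def granting_roles(user, permission, roles=ROLES):
    """Names of the user's roles that grant the permission, for access reviews."""
    return sorted(r for r in user.roles if permission in roles.get(r, frozenset()))
```

Because the model has no deny rules, adding a role can only widen what a user may do, so `granting_roles` is the useful query when reviewing why an account holds a given permission.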

Predefined roles

Alcion currently supports two predefined roles, Admin and BackupOperator, with support for custom roles coming in the near future. The Admin role allows the user to perform any operation, while the BackupOperator role has restricted permissions. The sections below describe the operations allowed.

Tenant dashboard

For the tenant dashboard, the operations and the access allowed by each role are:

Operation | Admin | BackupOperator
View resources
View aggregated stats
View activity
Change protection policy for resources
Define default protection policies
Initiate backups
View incidents
Browse backups
Restore backups
Export backups
Request and cancel backup deletions
View and update notification preferences
Manage subscriptions / billing
Manage membership in a partner

Partner dashboard

For the partner dashboard, the operations and the access allowed by each role are:

Operation | Admin | BackupOperator
View member tenants
View tenant-level aggregated stats
Manage member tenant
Manage subscriptions / billing