Configuring Permissions for File and Application Item Restore
Accounts that you want to use for guest OS file restore and application item restore must have sufficient permissions.
By default, users can restore all types of files from available backups. Files can be restored either to the local machine or the original location. For security purposes, you can configure additional restrictions for the restore scope. For example, you can specify the list of file types available to the user or prohibit downloading of restored files at all.
To let users restore application items, you must assign a security role to the user account and allow the account to access and restore application items. For example, users responsible for Oracle database restore must be assigned an Enterprise Manager role and be able to restore Oracle databases.
To configure permissions for file and application item restore, take the following steps when adding or editing an account.
- Open the Roles section of the Configuration view.
- Click Add to add an account, or select an existing account and click Edit.
- In the Allow restore of section, to allow restore of entire machines and VM disks of machines included in the restore scope, select the Entire machines and disks check box.
- To allow restore of guest OS files, select the Files and folders check box. If you select this check box, you can also select the following options:
- Allow in-place file restores only — select this option to allow file-level restore to the original location only. Consider that the restored files will be available only to accounts that have access to the original machine.
- Allow restore of files with these extensions only — select this option to define which file types are allowed for restore. In the text box, enter a list of extensions for allowed file types, separated by commas.
- To allow restore of Microsoft Exchange items (mail, calendars, tasks), select the Microsoft Exchange items check box.
- To allow restore of databases, select the Databases check box. If you select this check box, you can also select the following options:
- Select Microsoft SQL Server databases to allow restore of Microsoft SQL databases on machines included in the user's restore scope.
- Select Oracle databases to allow restore of Oracle databases on machines included in the user's restore scope.
- Select PostgreSQL instances to allow restore of PostgreSQL instances on machines included in the user's restore scope.
- Select Deny in-place database restores to restrict the user from overwriting the original databases during the database restore process.
- Click OK to save the changes.
- [For Microsoft Exchange items restore] Specify an Active Directory account that will be used to restore Exchange items:
- Open the Settings section of the Configuration view.
- On the Directory Account tab, specify a user name and password of the necessary account. Make sure the account meets the following requirements:
- The account must be a member of the Organization Management or Domain Administrators group.
- The account must have sufficient rights to access mailboxes. To assign these rights, you can use Exchange Impersonation or grant the Full Access permission to the account. For more information on Exchange Impersonation, see Microsoft Docs.
- Click Save to save the changes.