By default, users can restore all types of files from available backups. Files can be restored to two possible destinations – a restore operator can choose to download files to the local machine or restore a file directly to the original location (that is, the original machine). For security purposes, you can configure additional restrictions for restore operations – for example, narrow the list of file types that operators can restore, or prohibit operators to download restored files.
To configure additional restrictions for restore operations, do the following when creating or editing user account settings:
- In the Allow restore of section of the Add Role or Edit Role dialog, enable the required restrictions:
- Select the Entire virtual machines checkbox to allow the user to restore entire machines included in the user’s restore scope.
- Select the Guest files checkbox to allow the user to restore guest OS files. The following options will then become available:
- Allow in-place file restores only option selected will disable the Download option for users performing a file restore. With this restriction enabled, users will only be able to restore files to the original location. Restored files will be available to the accounts having access to the original machine.
- Allow restore of files with these extensions only option allows you to define which file types can be restored by users. In the text box, enter list extensions for allowed file types, separated by commas.
- If this user should be able to restore Microsoft Exchange items (mail, calendars, tasks) from server backups, select the corresponding check box.
- You can enable the user to restore Databases by selecting the corresponding checkbox. The following options will then become available:
- Select the Microsoft SQL Server databases checkbox to allow the user to restore Microsoft SQL Server databases included in the user’s restore scope.
- Select the Oracle databases checkbox to allow the user to restore Oracle databases included in the user’s restore scope.
- Deny in-place database restores (safer) option selected will prevent the user account from overriding production databases at the restore.
- Click OK to save the settings.