Skip to main content

Access Rights for Custom Roles and Cloud Admin (Read Only) Role

Overview

This article outlines the minimum permissions needed for custom role to use Druva inSync REST APIs, along with the default API permissions for the Cloud Admin Read Only role. It maps specific access rights across various API categories, such as User Management, Endpoints, Legal Hold, and Microsoft 365.

Custom Role

Permission-to-API Mapping

If you use the Druva inSync REST APIs, each API requires specific permissions. The following tables list the minimum permissions required for each API category.

User Management APIs

API

Endpoint

Method

Minimum Permission Required

GET

View Users

POST

Create and Import Users

/v1/users/{userID}

GET

View Users

/v1/users/{userID}

PATCH

Manage Users

/v1/users/{userID}

DELETE

Delete Users

/v1/users/{userID}/resetPassword

POST

Manage Users

/v1/users/{userID}/preserve

POST

Manage Users

/v1/users/{userID}/activate

POST

Manage Users

/v1/users/{userID}/download_user_auth_key

GET

Download Auth Keys

Profile Management APIs

API

Endpoint

Method

Minimum Permission Required

/v1/profiles

GET

View Profiles

/v1/profiles/{profileID}

GET

View Profiles

Endpoint APIs

API

Endpoint

Method

Minimum Permission Required

GET

View Users

GET

View Users

/v1/devices/{deviceID}

GET

View Users

/v2/devices/{deviceID}

GET

View Users

/v1/devices/{deviceID}

DELETE

Delete Workload

/v1/devices/{deviceID}/disable

POST

Manage Workload

/v1/devices/{deviceID}/enable

POST

Manage Workload

/v1/devices/{deviceID}/decommission

POST

Decommission Devices

/v1/devices/{deviceID}/upgradeClient

POST

Upgrade inSync Device

Endpoint Mapping APIs

API

Endpoint

Method

Minimum Permission Required

POST

Manage Device Mappings

GET

Manage Device Mappings

/v1/devicemappings/{mappingID}

DELETE

Manage Device Mappings

Endpoint Backup and Restore APIs

API

Endpoint

Method

Minimum Permission Required

GET

View Users

GET

View Restores

/v1/restores/{restoreID}

GET

View Restores

POST

Manage Restores

Legal Hold APIs

API

Endpoint

Method

Minimum Permission Required

/v3/policies

GET

View legal holds, Create and manage legal holds

/v4/policies

GET

View legal holds, Create and manage legal holds

/v3/policies/{policyId}

GET

View legal holds, Create and manage legal holds

/v4/policies/{policyId}

GET

View legal holds, Create and manage legal holds

/v3/policies/{policyId}/users

GET

View legal holds, Create and manage legal holds

/v4/policies/{policyId}/users

GET

View legal holds, Create and manage legal holds

/v4/policies/{policyId}/collection-stream

GET

View legal hold clients, Create and manage legal holds

/v4/clients

GET

View legal hold clients, Create and manage legal holds

/v4/clients/{clientId}

GET

View legal hold clients, Create and manage legal holds

/v4/job/{jobId}

GET

View legal hold clients, Create and manage legal holds

/v4/job

PUT

Manage legal hold clients

/v4/jobs

GET

View legal hold clients, Create and manage legal holds

/v3/policies

POST

Create and manage legal holds

/v4/policies

POST

Create and manage legal holds

/v4/policies/{policyId}

DELETE

Delete legal holds

/v4/policies/{policyId}

DELETE

Delete legal holds

/v3/policies/{policyId}/users

POST

Manage legal hold settings

/v3/users/policies

POST

View legal holds

/v4/policies/{policyId}

PUT

Manage legal hold settings

/v4/job

POST

Manage legal hold clients

Event Management APIs

API

Endpoint

Method

Minimum Permission Required

/v2/events

GET

View and download reports and view alerts

Storage Management APIs

API

Endpoint

Method

Minimum Permission Required

/v1/storages

GET

View Storages

/v1/storages/{storageID}

GET

View Storages

AD/LDAP Management APIs

API

Endpoint

Method

Minimum Permission Required

/v1/adConnectors

GET

View Users

Audit Trail Management APIs

API

Endpoint

Method

Minimum Permission Required

/v1/auditTrailSettings

GET

View inSync Settings

Federated Search APIs

API

Endpoint

Method

Minimum Permission Required

/v1/user/files

GET

Access Federated Search

/v1/user/emails

GET

Access Federated Search

Sensitive Data Governance APIs

API

Endpoint

Method

Minimum Permission Required

/v1/datatypes

GET

View Sensitive Data Governance Violations and Settings

/v1/policyTemplates

GET

View Sensitive Data Governance Violations and Settings

/v1/policies

GET

View Sensitive Data Governance Violations and Settings

/v1/whitelistKeywords

GET

View Sensitive Data Governance Violations and Settings

/v1/settings

GET

View Sensitive Data Governance Violations and Settings

/v1/fileViolations

GET

View Sensitive Data Governance Violations and Settings

/v1/emailViolations

GET

View Sensitive Data Governance Violations and Settings

Authentication API

API

Endpoint

Method

Minimum Permission Required

GET

Microsoft 365 APIs

Cloud Admin (Read only)

The Cloud Admin (Read Only) role is specifically configured to provide secure, view-only access to inSync Cloud APIs, enabling effective data monitoring and third-party integrations while preventing accidental or unauthorized updates.

Below are the APIs that cloud Admin (Read Only) can access:

Category

API Endpoint

User Management

Profile Management

Event Management

Storage Management

AD/LDAP Management

Audit Trail Management

Federated Search

Endpoints

Legal Hold

Event Management

Storage Management

AD/LDAP Management

Audit Trail Management

Federated Search

Federated Search

Sensitive Data Governance

Microsoft 365

Google Workspace

Did this answer your question?