Skip to main content

Role-Based Access Control (RBAC) for Cyber Resiliency


Overview

Druva provides a powerful security tool - Cyber Resiliency that helps companies spot ransomware attacks, find clean data backups, and safely restore their systems after a ransomware attack.

The core challenge is that Cyber Resiliency features are only accessible to administrators with the Druva Cloud Administrator role, but both backup admins and SecOps teams need access. This forces organizations to grant more administrators the high-privilege Cloud Admin role, increasing security risk — if any of those credentials are compromised, a threat actor could gain unrestricted access to backups and system configurations.

Introducing Druva Cloud Platform View-Only Administrator role that eliminates the need to grant all administrators the high-privilege Druva Cloud Administrator role.

Administrator with the Druva Cloud Platform View-Only Administrator role can access and view all licensed Cyber Resiliency features. They do not have create, update/edit, delete actions permissions for Cyber Resiliency features.

Specific UI elements (buttons, checkboxes) are hidden and corresponding APIs are blocked for the administrator with the Druva Cloud Platform View-Only Administrator role.

Here is a comprehensive overview of the tasks/ actions that an administrator with the Druva Cloud Platform View-Only Administrator role can perform for Cyber Resiliency features:

Feature: Quarantine Bay

  • List and view existing quarantine ranges

  • List and view existing quarantined snapshots

  • View resource details

  • Search and filter capability

  • Download Logs for Quarantine Bay

Feature: Curated Snapshots

  • List and view existing Curated Snapshot jobs with details

  • List and view existing Curated Snapshots

  • View resource details

  • Search and filter capability

  • Download Report for Curated Snapshot jobs

Feature: Restore Scan

  • List and view existing Restore Scan jobs with details

  • List and view existing Restore Scan settings

  • Search and filter capability

  • Download Report for Restore Scan jobs

Feature: Data Anomalies

  • List and view existing impacted resources

  • View Data Anomalies settings

  • View resource details

  • Download Logs for Data Anomalies

Feature: Threat Hunting

  • List and view existing Threat Hunt jobs

  • List and view resources

  • View resource details

  • View scan parameters

  • Download Threat Hunt Report

Feature: Threat Watch

  • List and view existing Threat Watch matches

  • List and view impacted resources

  • View impacted resource details

  • Download Threat Watch Report

Feature: Cyber Recovery Runbooks

  • List and view existing Cyber Recovery Plans

  • List and view resources

  • View Cyber Recovery Plan details

  • Download Report for Cyber recovery Plans

  • View Recovery Report

  • View Recovery Job details

Feature: Audit Trails for Cyber Resiliency

  • List and view audit trails

Feature: Cyber Resiliency Alerts

  • List and view alerts

  • Subscribe to Cyber Resiliency alerts

Feature: IOC Library

  • List and view existing IOC sets

  • View IOC set details

  • Download IOC set

Feature: Security Center

  • View all Security Center settings

Feature: Access Events

  • View Data Access events, Admin Login events, and API requests

Feature: Cyber Resiliency Reports

  • View all Cyber Resiliency Reports

Related articles

Did this answer your question?