Skip to main content

Manage Administrator Roles for AWS Workloads

❗ Important

Administrators can now create and manage administrator roles for AWS Workloads from the DCP console. The integrated user management allows you to create Cloud Administrators and Group Administrators with specific access privileges to your Organizations and Accounts.

Overview

Role Based Access Control (RBAC) enables organizations to limit privileged user access to a predefined set of administrator roles and data assets to create ethical walls and enforce privacy and control. RBAC also enables the implementation of a delegated administration structure to meet customers’ organizational, compliance, and security requirements. Thus, organizations can achieve their goals efficiently with a seamless, granular, extensible administrator role management of their entities.

Druva provides a set of predefined administrator roles for creating administrators to manage the Management Console. Druva also offers flexibility to the cloud administrators to create custom administrator roles using the existing base roles. The predefined and custom administrator roles enable administrators to access and manage entities efficiently on the Management Console.

Types of administrators

This section provides information about the types of administrators.

  • Cloud Administrator for Enterprise Workloads

    Cloud Administrators for Enterprise Workloads have the privileges to configure and monitor the Druva setup and create another cloud, organization, and group administrators.

    Only a Cloud Administrator for Enterprise Workloads can manage other Cloud Administrators for Enterprise Workloads and also create organization administrators. A Cloud Administrator for AWS Workloads gets all the privileges of an organization administrator.

    In addition, a Cloud Administrator for Enterprise workloads gets all the privileges of an organization administrator.

  • Group Administrator for Enterprise Workloads

    Group administrators have restricted access to the administrative groups with which they are associated. They have necessary permissions for administrative group-related activities such as managing servers belonging to their administrative groups. The cloud administrator and the organization administrator can change the administrative groups associated with group administrators.

    One group administrator can be assigned to manage multiple administrative groups. Similarly, a single administrative group can be managed by more than one group administrator.

    📝 Notes

  • Group administrators will receive alert notification for only the associated administrative groups.

  • If you are an account administrator in Native Workloads, you will now be a group administrator with access to a specific account or a group of accounts. Group administrators can modify accounts that they are the administrators for but cannot add new users on AWS Workloads.

  • Administrators with view-only access

    The view-only administrators have read-only access to all configurations. However, they cannot perform any administration action on any entities on the Druva Cloud Platform Console. Druva provides the following view-only administrator roles.

    • Cloud administrator (View-only): Privilege to view, download, and email all reports and audit trails for all the organizations. The administrators can also view the activities of all the organizations. However, they cannot perform any action on the entities of the AWS Workloads Management Console.

    • Organization administrator (View-only): Privilege to view, download, and email all reports for the organization(s) they have access to. The administrators can also view the activities of the organizations. However, they cannot perform any action on the entities belonging to their organizations.

    • Group administrator (View-only): Privilege to view the activities of the administrative groups they are associated with. However, they cannot manage any administrative group. They can also subscribe to alerts and reports.

Create and manage administrator accounts

This section provides information about how to create various administrators and manage the administrators. For more information on administrators, see Key concepts and terms.

❗ Important

  • It is recommended to have a secondary administrator within your organization at any given time to avoid service disruptions if one of the administrators cannot log in or is no longer with the company.

  • After you set your new password, ensure you keep the password secure and remember it. Druva does not have access to your data and cannot reset your account password if you forget it. Only the Druva Cloud Administrators and Cloud Administrator for Enterprise workloadss can reset the password of other administrators in your organization.

Create a Cloud Administrators for Enterprise Workloads

Cloud Administrators for Enterprise Workloads can perform activities such as configuring, managing, and monitoring Druva. Cloud administrators can also create other cloud, organization, and group administrators. For more information, see Manage Druva administrators.

To create a Cloud Administrator for Enterprise Workloads:

  1. Log in to the Druva Cloud Platform Management Console.

  2. Click the Global Navigation icon, and navigate to Administration > Manage Administrators.

  3. On the Administrators page, click New Administrator.

    CreateCloudAdmin.png

  4. On the New Administrator page, specify the Display Name, Email Address, Country, Time Zone, and select the Role as Druva Cloud Administrator.

  5. Click Save.

When any non-administrator with an existing subscription to alerts or reports is added as a cloud administrator, the following message is displayed:

"This email ID is already subscribed for alert(s)/report(s) as a non-administrator. Adding users as an Administrator will remove any existing non-administrator subscriptions."

Create Product Administrators for Enterprise Workloads

Perform the following steps to create different types of administrators for Enterprise Workloads. For more information, see Manage Druva administrators.

Procedure

  1. Log in to the Druva Cloud Platform Management Console.

  2. Click the Global Navigation icon, and navigate to Administration > Manage Administrators.

  3. On the Administrators page, click New Administrator.

  4. On the Create New Administrator page, provide Display Name, Email Address, Country, Time Zone.

  5. Under Administrator Role, click Product Administrator and then select Enterprise Workloads.

  6. From the Roles dropdown, select the type of admin you want to create. For example, to create a cloud administrator, select Cloud Administrator r, or select Group Administrator to create a Group Admin to manage your AWS Accounts. For more information, see Types of administrators.

  7. Click Save.

When any non-administrator with an existing subscription to alerts or reports is added as a cloud administrator, the following message is displayed:

"This email ID is already subscribed for alert(s)/report(s) as a non-administrator. Adding user as an Administrator will remove any existing non-administrator subscriptions."

Set a password policy

Only a Druva Cloud Administrator can set a password policy for all the Enterprise Workloads administrator accounts. At the time of setting the password policy, you can choose to:

  • Enforce a strong password.

  • Set the number of previous passwords with which your new password must not match.

  • Set the number of invalid login attempts allowed.

  • Set the number of days after which the administrator password expires.

For more information, see Enable Password Policy for Administrators.

Update the administrator details

If you are a cloud administrator, you can update administrator details.

  1. Log in to the Druva Cloud Platform Management Console.

  2. Click the Global Navigation icon, and navigate to Administration > Manage Administrators.

  3. On the Administrators page, click on the administrator for whom you want to update details.

  4. Click Edit, and specify the following details.

    • Name: The display name of the administrator.

    • Country: The country where the administrator is located.

    • Time Zone: The time zone of the country of location.

📝 Note: The time zone determines the timestamps for all UI jobs triggered and any reports that the administrator receives.

  1. Click Save.

Delete an administrator account

If you are a cloud administrator, you can delete other cloud administrators, organization administrators, and group administrators. If you are an organization administrator, you can delete group administrators.

📝 Note: Druva does not send notifications for delete operations. You might want to consider informing the administrator whose account you deleted.

Procedure

  1. Log in to the Druva Cloud Platform Management Console.

  2. Click the Global Navigation icon, and navigate to Administration > Manage Administrators.

  3. Click the administrator that you want to delete, and then click Delete.

Related Articles
Manage Druva Administrators
Log in to Enterprise Workloads Management Console
Manage administrator roles for Enterprise Workloads
Manage administrative groups for Enterprise Workloads
Manage administrator accounts
Did this answer your question?