License editions: To understand the applicable license editions, see Plans & Pricing.
Overview
Administrators manage inSync. You can assign a role to each administrator that you create in inSync. An administrative role is a collection of individual rights. A right grants the ability to control administrator access to the inSync Management Console and the ability to perform tasks on the inSync Management Console.
📝 Note
When you upgrade from your previous inSync version, the profile administrators will map to the new Profile Administrator role. Additionally, the predefined rights assigned to the new Profile Administrator role automatically apply to the upgraded profile administrator.
Types of administrative roles
inSync includes predefined roles that contain the rights required to perform tasks on the inSync Management Console. You can assign these predefined roles to the administrators, or you can create your own roles by combining selected rights.
❗ Important
You can create only Druva Cloud Administrator and Cloud Administrator roles in the Business edition.
The following table lists the types of administrator roles available in inSync.
Role | Description |
Predefined roles | There are seven predefined roles available in the inSync Management Console.
In addition to the above predefined roles, Druva Cloud Administrator role is available only in Druva Cloud Platform Console.
For information on how you can create predefined roles, see Create a predefined role. |
Custom roles | You can create custom roles depending on your organization’s needs.
For information on how you can create custom roles, see Create a custom role. |
Considerations
A role is a set of tasks that administrators can perform based on the rights assigned to them. Each role contains a set of categories, and each category contains a set of granular rights that an administrator can perform.
Only the Druva Cloud Administrator and Cloud Administrator have access to the Administrators page on the inSync Management Console as well as Druva Cloud Platform Console.
You can assign only one role to an administrator. However, you can assign multiple administrators to one role.
When you create a role, you can import rights from a predefined role, or you can create a new custom role without importing rights from any role. When you import a role, the predefined rights are imported with the role. However, you cannot import rights from the Legal administrator and Cloud Administrator roles.
You cannot edit or delete the Cloud Administrator and Legal administrator roles. You can edit or delete all other predefined and custom roles.
Predefined administrator roles
The following table lists the predefined administrator roles for each edition.
📝 Note
Legal Hold Management rights can be assigned to any role.
Administrat
or Role | Available in | Description |
Druva Cloud Administrator | Available for all the license types | Druva Cloud Administrator can configure Druva services (inSync and Druva) and has the privileges to set up and manage the product account, create another Druva Cloud Administrator and other administrators. Only a Druva Cloud Administrator can manage another Druva Cloud Administrator.
Also, a Druva Cloud Administrator inherits the privileges of the Cloud Administrator. |
Cloud Administrator | Available for all the license types | An administrator assigned to this role can perform all core inSync activities such as configuring, managing, and monitoring inSync. Cloud Administrators can create and manage other administrators and also manage another Cloud Administrator.
Cloud Administrators can configure a compliance policy. They can also place and view users on legal hold. |
Workload Administrator | Available for all the license types | An administrator assigned to this role can manage operations for a specific data source individually.
For example, a Workload Administrator for the Endpoints data source will have rights only related to Endpoints. Similarly, a Data Source administrator for Microsoft 365 > Exchange Online, will have access to only Exchange Online and to no other workloads. |
Data Protection administrator |
| An administrator assigned to this role has restricted access associated with their profiles. They have the necessary permissions to manage data privacy and data access settings for the users.
The Data Protection administrator cannot place or view users on Legal Hold. |
Help Desk administrator | Available for all the license types | An administrator assigned to this role has restricted access associated with their profiles. They have the necessary permissions to manage day-to-day activities such as performing backup and restore operations, resetting passwords for the users, and addressing user complaints.
The Help Desk administrator cannot place or view users on legal hold. |
Legal administrator |
| An administrator assigned to this role can perform activities related to Legal Hold, such as creating and deleting ######{{legalhold}} policies, viewing users who are on legal hold, adding and removing users from legal hold, viewing and accessing backed up data, viewing, managing, and deleting Legal Hold clients. |
Profile administrator | Available for all the license types | An administrator assigned to this role has restricted access associated with their profiles. They have the necessary permissions to manage users and devices, and backups and restores.
Profile administrators can access the Non-Compliant report only for the profiles that they are mapped to. However, they cannot view the compliance summary at the Sensitive Data Governance Dashboard, or configure a compliance policy.
Additionally, profile administrators cannot place or view users on legal hold. |
Sensitive Data Governance administrator | Elite Plus (deprecated)
Or with the Sensitive Data Governance | An administrator assigned to this role has access to all pages of Sensitive Data Governance and they can define, edit, and delete policies, templates, and sensitive data and edit compliance settings.
They also have access to inSync reports. |
View Only administrator | Available for all the license types | An administrator assigned to this role has restricted access associated with their profiles. They have the necessary permissions to view the inSync settings and user details. They also have access to inSync reports.
The View Only administrator cannot place or view users on legal hold. |