Veritas Alta™ SaaS Protection Administrator's Guide
- Introduction to Veritas Alta™ SaaS Protection
- EDB and EDB compliance
- Active Directory synchronization
- Manage users and roles
- API permissions
- Add connectors
- Overview of adding connectors
- Add Exchange Online connectors
- Configure the capture scope for Exchange connectors
- Configure the capture scope for Exchange connectors
- Add SharePoint Online connectors
- Configuring the capture scopes for SharePoint connectors
- Add Teams site collections connectors
- Add OneDrive connectors
- Add Teams chat connectors
- Add Audit Log connectors
- Add Google Drive connectors
- Add Gmail connectors
- About the Salesforce connector
- Add Entra ID (Azure AD) connectors
- Add Box connectors
- Add Email/Messages
- Apps Consent Grant Utility
- Add Retention policies
- Perform backups
- Manage backed-up data
- Perform restores using Administration portal
- Restore SharePoint/OneDrive/Teams Sites and data
- Restore Teams chat messages and Teams channel conversations
- Restore Box data
- Restore Google Drive data
- About the Salesforce Data, Metadata, and CRM Content restore
- Limitations of Salesforce Metadata backup and restore
- About Entra ID (Azure AD) objects and records restore
- Perform restores using Export Utility
- Restore dashboard
- Install services and utilities
- Discovery
- Add Tagging polices
- Add Tiering policy
- General administrative tasks
- Manage Stors (Storages)
- Managing Scopes
- Known Issues
User permissions
Veritas Alta SaaS Protection offers the capability to implement role-based access control (RBAC) for its tenants. RBAC lets you grant users access and permissions according to their specific organizational roles.
The following table describes the permissions in Veritas Alta SaaS Protection.
Table: General settings permissions
General settings | Description |
---|---|
It permits the user to access and restore all content of the tenant. Also, by selecting the following respective checkboxes, you can prevent the user from sharing, downloading, restoring, and restoring to an alternative location.
| |
It permits the user with all permissions except Access All Items, Add Content, and API Impersonation. To mitigate the risks associated with the Full Admin account, provision this account only on-demand to prevent account sharing. | |
The assigned user can add new content to the tenant, typically the Service account. | |
It permits the user to sign in to the Administration portal without the ability to add, modify, or delete anything. | |
It permits the user to delete backed-up items. |
Table: End-User permissions
Description | |
---|---|
It permits an end-user to restore a stubbed item by clicking on it using the End-User portal. | |
It permits an end-user to download a stubbed item by clicking on it using the End-User portal. | |
It permits an end-user to perform the following action on the End-User portal:
|
Table: Administration portal permissions
Description | |
---|---|
It permits the user to sign in to the Administration portal. You can select the following checkboxes for the permissions you want to grant the user.
| |
It permits the user to view and manage Scopes.
| |
It permits the user to access the module. | |
It permits the user to access the module. | |
It permits the user to access the Discovery module. You can select the following checkboxes for the permissions you want to grant the user:
| |
It permits the user to access the module. | |
It permits the user to access the module. | |
It permits the user to access the module. | |
It permits the user to access the module. | |
It permits the user to access the module. | |
It permits the user to view the module. |
Table: API settings
Description | |
---|---|
It permits the user to access a wide range of general API. This permission is required for all Service accounts. | |
It permits the user to allow the Connector service to operate with the Blobless Archive option on a connector. It is advisable to grant and use this permission solely in a drive-shipping scenario. | |
It permits the user to impersonate another user by the API. |