Local Users
Topic
This article describes the Local Users category of the Datto appliance GUI.
Environment
- Datto SIRIS
- Datto ALTO
- Datto NAS
Description
The Local Users control panel allows you to assign role-based feature and functionality access to local user accounts on the Datto appliance. You can define which people in your organization have administrative access to your Datto devices, and which functions they are allowed to perform.
Procedure
-
To access the Local Users category, navigate to Configure > Device Settings in the Datto appliance GUI.
-
On the Device Settings page, scroll to the Local Users category.
The Local Users category displays the following options:
- A. Username: The login name of each local user account with access to the device appears here.
- B. Create User: Allows you to add a new local user account to the device. You will be prompted to create a username and password for the local user account. Usernames containing special characters or spaces are not allowed. The newly-created user cannot be modified, and will not be added to the device until you click Apply.
- C. Web Access: This check-box controls access to the Datto appliance GUI.
- D. Actions: Allows you to make changes to existing user accounts. The available options are:
- Change Password: This setting changes the existing password for the selected user account. Passwords must be a minimum length of 8 characters and not exceed 128 characters. They cannot contain common-use patterns or Datto-specific words (Datto, SIRIS, device, partner, etc.). Passwords must include a combination of uppercase and lowercase letters, as well as numbers and special characters.
- Delete User Account: Select this option to delete the local user account.
- Edit Permissions: Allows you to set access permissions for the selected user account granularity. See the User Account Permissions section of this article for more information.
User Account Permissions
Clicking the Edit Permissions option in the Actions group of the Local Users category will take you to the Manage Permissions page for the selected user. From this page, you can manage the type of access each local user account has to the Datto appliance, and the actions each account is allowed to perform. Select a permission level to learn more.
Administrator
Administrators have complete control over the device. Partners should limit this account type to trusted individuals. Device administrators can access any page or functionality available in the device UI.
Basic Access
Every local user has the Basic role. You cannot create a local user without this role, and you cannot remove this role from a local user that already exists.Basic users have access to view device parameters but are limited in what changes they can make.
There is value to having a local user account with only a Basic role assigned. Users in this role may include customers who want to have some connection to the Datto hardware and services for which they are paying or users who only need to access the Backup Report and Continuity Audit features.
The device functions available to users with Basic Access are:
- Login and Logout
- Top-level navigation:
- View the Home Page
- View the Protect Page
- View View the Synchronize Page
- View the Restore Page (Basic Users cannot mount or unmount restores)
- View limited device health information on the Advanced tab
- Viewing the Backup Report and Continuity Audit
NAS Access
The NAS Access role has only one permission: it lets users access the Network Attached Storage page at Home > File Share > Network Attached Storage.
The Administrator role includes the abilities of the NAS role and does not need them to be added.
Users who need to do any of the following should have the Administrator role instead of the NAS role:
- Configure a NAS Share
- Install File Sync and Share (Datto Drive)
- Create a Share (Wizard)
- Access Manage Recovery Points
- Remove a Share
Restore Files and Systems
Restore Files and Systems is not a tiered role that builds on top of any other role. It is a distinct grouping of pages related to restoring a protected system.
The Administrator role includes the abilities of the Restore role and does not need them to be added.
The device functions available to users with the Restore role are:
- Ability to restore a protected system via any restore method available
- Access to the Granular Restore page to download software and licenses for Kroll OnTrack, allowing restoration of Microsoft Exchange, SharePoint, and SQL servers
Mapping of Legacy Permissions to New Roles
Before the release of the Local Users update, there were 14 existing permissions in the user access structure, which are now mapped to the four roles described in the User Account Permissions section of this article. The Device Updates permission has been discontinued.
Legacy Permission |
New Role |
---|---|
Basic access |
Basic |
Restore (formerly Recovery Points) |
Restore |
File Restore |
Restore |
Local Virtualization |
Restore |
Bare Metal Restore |
Restore |
Export Image |
Restore |
Administration |
Administrator |
Network Configuration |
Administrator |
Off-site Configuration |
Administrator |
Advanced Device Status |
Administrator |
Remove Protected Agents |
Administrator |
NAS |
NAS |
Device Updates |
N/A |