Managing Employee Roles for Datto Endpoint Backup and BCDR Status
Topic
This article discusses Centralized User Management for Datto Endpoint Backup and Datto BCDR access for employee users in the Datto Partner Portal. For more information on Partner portal Accounts, access, and MFA, refer to: User Account.
Environment
Datto Partner Portal
Description
Centralized User Management is a federated and unified user management solution inside the Partner Portal that all Datto products can leverage to create, read, update and deactivate users and grant role-based access.
Datto Endpoint Backup and BCDR status access relies implicitly on portal roles, which can be ambiguous and error-prone. Centralized User Management for Datto Endpoint Backup and BCDR lets partners explicitly grant Datto Endpoint Backup and BCDR status access, regardless of Portal roles.
Navigating to Central User Management
NOTE Centralized User Management options are available to Portal Admins only.
In the Datto Partner Portal, click the Admin tab, then select Manage Employees from the drop-down menu.
Creating a new employee
- Click the Add Employee button.
- The Add Employee dialog box will appear. Fill out the employee's personal information, then select the drop-down menu for Portal to choose the employee's role. See the Employee Roles section of this article for more information.
- By default, the Administrator role has full access for Datto Endpoint Backup and BCDR.
- By default, the Tech role has full access for BCDR.
- By default, the Business and Sales & Marketing roles have no access to BCDR and Datto Endpoint Backup.
- You can change the default selection to allow any combination of access necessary.
- Use the corresponding drop-down menu to select whether the new employee will have No access or Full access to BCDR and to Datto Endpoint Backup.
- Selecting Full Access will grant the user total access to that status page.
- Selecting No Access will hide that status page from the user.
Editing employee information and access
You can change employee access levels directly from the User Management page.
- Click the pencil icon next to the employee whose access you wish to edit.
- The Edit Employee dialog box will appear. Make the changes, then click the SAVE CHANGES button.
Removing an employee
See Managing employee accounts and roles for information on removing employees
You cannot use a removed user's email address to re-register for 48 hours.
- Click the wastebasket icon next to the employee's name.
Employee roles
See Employee roles and access level permissions for information on the Portal pages and actions accessible for each employee role.
EMEA roles
EMEA Manage Employee page in the Datto Partner Portal will be upgraded to centralized user management effective January 18, 2022. With this upgrade, Partner Administrators can manage employees from one central place for all associated Datto products. They’ll have access to create, update, delete, deactivate, and reactivate users across integrated Datto products and grant access to Datto Endpoint Backup and BCDR explicitly, regardless of Portal role.
As a result of this upgrade, all employee users will be moved to new corresponding global roles based on the mapping below
Existing EMEA Roles to New Global Roles
- EMEA Reseller Admin to Administrative
- EMEA Reseller Invoices to Business
- EMEA Reseller Pricing to Business
- EMEA Reseller Orders to Business
- EMEA Reseller Devices to Business
- EMEA Reseller Support to Tech
- EMEA No Permission to No Access
Partner Admin will be able to update the user role anytime after the upgrade based on needs from any of the following global roles :
- Administrative
- Business
- Tech
- Sales & Marketing
- No Access
Learn more about each global role in this Here.
Current EMEA roles and permissions
EMEA Portal users cannot modify employee email addresses. You must remove, then re-add the user with the correct email address.
For Partner Portal roles for EMEA accounts, the levels are:
Admin
- Manage employees and customize device status, as well as all roles listed below (Devices, Invoices, Orders, Pricing, and Support)
- Set up SaaS Protection clients
Devices
- Device status, device audit, Recovery Launchpad, and private cloud status
- Cannot view SaaS Protection accounts that are NFR
- Cannot create new SaaS Protection clients
Invoices
- View invoices and contracts
Orders
- View the store and place orders
Pricing
- View pricing and marketing materials
Support
- View the Knowledge Base, tickets, and cloud requests
No Access
The No Access role under the Portal drop-down menu restricts the user from accessing the Partner Portal.
If users are assigned No Access and they only have a Datto Partner Portal account (i.e. their account is not associated with additional Datto products), they will be unable to log into the Partner Portal.
If users are assigned No Access and their account is also associated with additional Datto products (such as Datto RMM or Autotask PSA), they will be able to log into those associated products, but not the Partner Portal.
NOTE EMEA partners not assigned the role of Admin, Tech, Devices, or Support cannot access the legacy Recovery Launchpad.
Centralized User Management FAQs
What is Centralized User Management for Datto Endpoint Backup and BCDR?
Centralized User Management for Datto Endpoint Backup and BCDR is the capability to explicitly grant employee users access to Datto Endpoint Backup and BCDR regardless of Portal role.
Why should I use Centralized User Management for Datto Endpoint Backup and BCDR?
Using Centralized User Management for Datto Endpoint Backup and BCDR will:
- provide clarity of access level for each user.
- give you the freedom to grant various combinations of access levels (for Portal, Datto Endpoint Backup and BCDR) to your employees.
Is there any change in the existing access level for my employee users?
No, the existing employee user access will neither gain additional access nor lose existing access to BCDR & Datto Endpoint Backup as result of Centralized User Management for Datto Endpoint Backup and BCDR.
Can I still use the old Manage Employees page?
No, this new Manage Employees page containing Centralized User Management for Datto Endpoint Backup and BCDR is going to replace existing employee management functionality.
