The following role will limit the data that the admin can view and restore to the data of users that belonged to a specified OU (or a child OU under it) when they were offboarded to storage.
Create the Role
You can add the required permissions to any existing role. However, we recommend creating a new role so that you have more control over which users can view archived data and restore, if required.
To create the role:
- Sign in to CloudM Automate, using an account with permission to manage other users.
- Select Settings > Roles.
- Click on Create new Role.
- If you cannot see the Create new Role option, select the x button at the top of the screen.
-
Set the Name of the new role to Restore from specific OU only.
-
Leave the Create from template checkbox unticked.
-
Add a Description of the Archive Admin role, if required.
-
Assign the Scope of the new role to OU and Child OUs.
-
Select Create New Role.
- The Restore from specific OU only role will now appear in the list of roles.
- Select the role from the list.
- On the Permissions tab, move the Automate Archive Restoration for OU permission from the Unused Permissions column (on the left) to the right arrow to move it into the Assigned Permissions column (on the right).
- Select Save to confirm the changes.
Assign the Archive Admin Role to a user
To assign the Restore from specific OU only role to a user or users:
- Select the role from the list,
- On the Assigned Users tab, click on the downwards facing arrow next to Assignment. This will prompt the Assignment section to be displayed.
- Click on the Assign To field and choose whether you are assigning the role to an Org Unit, User Profile, Group, Service Account, External Profile or External Group.
- Click on the Name field to choose the name of the Holder that you want to apply the role to.
- Set Org Unit to the specific OU. This means that the role holder will be able to view and restore the archived data of any user that belonged to the specific OU (or one of it's Child OUs).
- Click on Add.
-
The Holder will appear in the Role Assignments list. This list shows all the holders that are assigned to the selected role.
- Once the role is assigned to a user, they will see the Archive > Restore option displayed in the Functions bar.