User Role Permissions
Each type of User account in Cove Data Protection (Cove)'s Management Console has different access to data and features.
Device Management
| Action | User roles who can | Notes | User roles who cannot |
|---|---|---|---|
| Adding Devices |
|
Add new devices to the Cove Management Console Backup Dashboard. * Managers and Managers with Security Officer permissions can only add devices using Self-Managed installation. |
|
| Managing Devices |
|
All features except adding devices and generating passphrases. |
The following users cannot manage devices, but do have read-only access:
|
| Managing Microsoft 365 Domains |
|
Add, edit and delete Microsoft 365 domains to the Cove Management Console Backup Dashboard, and add new services to existing Microsoft 365 domains. * SuperUsers, Administrators with Security Officer, Managers with Security Officer, and Operators with Security Officer permissions cannot delete Microsoft 365 services, or delete backup history. |
The following users cannot manage Microsoft 365 domains, but do have read-only access:
|
| Sending Remote Commands to Devices |
|
Actions can be performed remotely using Remote Commands. |
|
Management Console
Data Recovery
| Action | User roles who can | Notes | User roles who cannot |
|---|---|---|---|
| Recover data in Backup Manager |
|
Restore backup data directly from the Backup Manager on the device. |
|
| Recover data in Recovery Console |
|
Restore backup data using the Recovery Console. * SuperUsers, Administrators, Managers, and Operators without Security Officer permissions cannot generate passphrases. If the device uses Passphrase-based encryption, these user roles will not be able to add the device to the Recovery Console. If the device uses an Encryption Key/Security Code, these user roles will be able to proceed with the recovery via Recovery Console. |
|
Continuity
| Action | User roles who can | Notes | User roles who cannot |
|---|---|---|---|
| Trigger One-Time Restore |
|
Trigger an on-demand restore of data to Hyper-V, Azure, or ESXi. * SuperUsers, and Managers without Security Officer permissions cannot generate passphrases. If the device uses Passphrase-based encryption, these user roles will not be able to trigger the One-time Restore. If the device uses an Encryption Key/Security Code, these user roles will be able to proceed with One-time Restore. |
The following users cannot trigger a One-time Restore, but do have read-only access:
|
| Manage StandBy Image |
|
Enable and edit continuous restore of data using a StandBy Image plan to Hyper-V, ESXi, or Azure. * SuperUsers, and Managers without Security Officer permissions cannot generate passphrases. If the device uses Passphrase-based encryption, these user roles will not be able to add the device to the StandBy Image plan. If the device uses an Encryption Key/Security Code, these user roles will be able to proceed with StandBy Image. |
The following users cannot enable StandBy Image, but do have read-only access:
|
| Manage Recovery Testing |
|
Enable and edit the service to provide a screenshot as proof that data is recoverable on the device. * SuperUsers, and Managers without Security Officer permissions cannot generate passphrases. If the device uses Passphrase-based encryption, these user roles will not be able to add the device to the Recovery Testing plan. If the device uses an Encryption Key/Security Code, these user roles will be able to proceed with Recovery Testing. |
The following users cannot enable Recovery Testing, but do have read-only access:
|
| Manage Recovery Locations |
|
Add, edit and remove the host running the recovery service used to process data restores. |
The following users cannot manage API Users, but do have read-only access:
|
Customer Management
| Action | User roles who can | Notes | User roles who cannot |
|---|---|---|---|
| Managing Customers |
|
Add, edit and remove Customer to the Cove Management Console. |
The following users cannot manage API Users, but do have read-only access:
|
| Managing Contacts |
|
Add, edit and remove contact details, containing names of Customer representatives. |
The following users cannot manage API Users, but do have read-only access:
|
| Managing Contact Notes |
|
Add, edit and remove information regarding past and upcoming communication activities, or relevant information regarding the Customer. |
The following users cannot manage API Users, but do have read-only access:
|
User Management
| Action | User roles who can | Notes | User roles who cannot |
|---|---|---|---|
| Managing Users |
|
All features except for Managing Security Officers. |
The following users cannot manage users, but do have read-only access:
|
| Managing API Users |
|
Add, edit and remove API users. |
The following users cannot manage API Users, but do have read-only access:
|
| Managing Security Officers |
|
Enable and disable Security Officer permission for users. |
|
Reporting
| Action | User roles who can | Notes | User roles who cannot |
|---|---|---|---|
| Manage Scheduled Reports |
|
Add, edit and remove scheduled reports on recent backup and recovery activities. | - |
| Generate Executive Summary Reports |
|
Trigger the generation of an Executive Summary Report. Available to Resellers only. |
|
| Download Executive Summary Reports |
|
Download the generated Executive Summary Report. Available to Resellers only. |
|
| Manage Executive Summary Reports |
|
Add, edit and remove recipients for Executive Summary Reports once generation has completed. Available to Resellers only. |
|