Topic
This article describes the Local Users category of the Datto appliance GUI.
Environment
- Datto SIRIS
- Datto ALTO
- Datto NAS
Overview
The Local Users control panel allows you to assign role-based feature and functionality access to local user accounts on the Datto appliance, making it possible to granularly define which people in your organization have administrative access to your Continuity devices, and which functions they are allowed to perform.
Procedure
1. To access the Local Users category, navigate to Configure → Device Settings in the Datto appliance GUI, as shown in Figure 1.
Figure 1: Configure → Device Settings (click for larger image)
2. On the Device Settings page, scroll to the Local Users category. You will see the panel shown in Figure 2.
Figure 2: Configure → Device Settings (click for larger image)
The Local Users category displays the following options:
A. User Account Name: The login name of each local user account with access to the device appears here.
B. Add User: Allows you to add a new local user account to the device. You will be prompted to create a username and password for the local user account. Usernames containing special characters or spaces are not allowed. The newly-created user cannot be modified, and will not be added to the device, until you click Apply.
C. Web Access: Checking this box will allow the user account to log into the device from the Datto Partner Portal. Unchecking the box will restrict the user account to accessing the device from the local LAN.
D. Actions: Allows you to make changes to existing user accounts. The available options are:
Set Password: Changes the existing password for the selected user account. Passwords must be a minimum length of 8 characters and not exceed 128 characters. They cannot contain common-use patterns or Datto-specific words (Datto, SIRIS, device, partner, etc). They must contain a combination of uppercase and lowercase letters, as well as numbers and special characters.
Delete Account: Deletes the local user account.
Edit Permissions: Allows you to granularly set access permissions for the selected user account. See the User Account Permissions section of this article for more information.
User Account Permissions
Figure 3: Manage Permissions (click for larger image)
Clicking the Edit Permissions option in the Actions group of the Local Users category will take you to the Manage Permissions page for the selected user. From this page, you can manage the type of access each local user account has to the Datto appliance, and the actions each account is allowed to perform. Select a permission level to learn more.
Administrator
Administrators have complete control over the device. Partners should limit this account type to trusted individuals. Device administrators can access any page or functionality available in the device UI.
Basic Access
Every local user has the Basic role. You cannot create a local user without this role, and you cannot remove this role from a local user that already exists.
There is value to having a local user account with only a Basic role assigned. Users in this role may include high-end customers who want to have some connection to the Datto hardware and services for which they are paying, or users who only need to access the Backup Report and Continuity Audit features so that they can report back to their business.
The device functions available to users with Basic Access are:
- Login and Logout
- Top-level navigation:
- View the Home Page
- View the Protect Page
- View the Synchronize Page
- Viewing the Backup Report and Continuity Audit
NAS Access
This is not a tiered role which builds on top of any other role. It has only one permission: this role is for persons who need to access the Network Attached Storage page at Home → File Share → Network Attached Storage.
The Administrator role includes the abilities of the NAS role, and does not need them to be added.
Users who need to do any of the following should have the Administrator role instead of the NAS role:
- Configure a NAS Share
- Install File Sync and Share (Datto Drive)
- Create a Share (Wizard)
- Access Manage Recovery Points
- Remove a Share
Restore Files and Systems
This is not a tiered role that builds on top of any other role. It is a distinct grouping of pages related to restoring a protected system.
The Administrator role includes the abilities of the Restore role, and does not need them to be added.
The device functions available to users with the Restore role are:
- Ability to restore a protected system via any restore method available.
- Access to the Backup Insights page for comparing folder trees and files between two different recovery points for a protected system.
- Access to the Granular Restore page to download software and licenses for Kroll OnTrack, allowing restoration of Microsoft Exchange, SharePoint, and SQL servers.
Mapping of Legacy Permissions to New Roles
Prior to the release of the Local Users update, there were 14 existing permissions in the user access structure, which are now mapped to the four roles described in the User Account Permissions section of this article. The Device Updates permission has been discontinued.
Legacy Permission |
New Role |
Basic access |
Basic |
Reporting |
Basic |
Restore (formerly Recovery Points) |
Restore |
File Restore |
Restore |
Local Virtualization |
Restore |
Bare Metal Restore |
Restore |
Export Image |
Restore |
Administration |
Administrator |
Network Configuration |
Administrator |
Off-site Configuration |
Administrator |
Advanced Device Status |
Administrator |
Remove Protected Agents |
Administrator |
NAS |
NAS |
Device Updates |
N/A |