SIRIS, ALTO, and NAS: Local Users



This article describes the Local Users category of the Datto appliance GUI.


  • Datto SIRIS
  • Datto ALTO
  • Datto NAS


The Local Users control panel allows you to assign role-based feature and functionality access to local user accounts on the Datto appliance. You can define which people in your organization have administrative access to your Datto devices, and which functions they are allowed to perform.


1. To access the Local Users category, navigate to Configure → Device Settings in the Datto appliance GUI, as shown in Figure 1.

Figure 1: Device Settings (click for larger image)

2. On the Device Settings page, scroll to the Local Users category.

Figure 2: Local Users (click for larger image)

The Local Users category displays the following options:

A. User Account Name: The login name of each local user account with access to the device appears here.

B. Add User: Allows you to add a new local user account to the device. You will be prompted to create a username and password for the local user account. Usernames containing special characters or spaces are not allowed. The newly-created user cannot be modified, and will not be added to the device until you click Apply.

C. Web Access:  This checkbox controls access to the Datto appliance GUI.

D. ActionsAllows you to make changes to existing user accounts. The available options are:

Set Password: This setting changes the existing password for the selected user account. Passwords must be a minimum length of 8 characters and not exceed 128 characters. They cannot contain common-use patterns or Datto-specific words (Datto, SIRIS, device, partner, etc.). Passwords must include a combination of uppercase and lowercase letters, as well as numbers and special characters.
Delete Account:  Select this option to delete the local user account.
Edit Permissions: Allows you to set access permissions for the selected user account granularly. See the User Account Permissions section of this article for more information.

User Account Permissions

Figure 3: Manage Permissions (click for larger image)

Clicking the Edit Permissions option in the Actions group of the Local Users category will take you to the Manage Permissions page for the selected user. From this page, you can manage the type of access each local user account has to the Datto appliance, and the actions each account is allowed to perform. Select a permission level to learn more.


Administrators have complete control over the device. Partners should limit this account type to trusted individuals. Device administrators can access any page or functionality available in the device UI.

Basic Access

Every local user has the Basic role. You cannot create a local user without this role, and you cannot remove this role from a local user that already exists.

There is value to having a local user account with only a Basic role assigned. Users in this role may include customers who want to have some connection to the Datto hardware and services for which they are paying or users who only need to access the Backup Report and Continuity Audit features. 

The device functions available to users with Basic Access are:

  • Login and Logout
  • Top-level navigation:
    • View the Home Page
    • View the Protect Page
    • View the Synchronize Page
  • Viewing the Backup Report and Continuity Audit

NAS Access

The NAS Access role has only one permission: it lets users access the Network Attached Storage page at Home  → File Share  → Network Attached Storage.

The Administrator role includes the abilities of the NAS role and does not need them to be added.

Users who need to do any of the following should have the Administrator role instead of the NAS role:

  • Configure a NAS Share
  • Install File Sync and Share (Datto Drive)
  • Create a Share (Wizard)
  • Access Manage Recovery Points
  • Remove a Share

Restore Files and Systems

Restore Files and Systems is not a tiered role that builds on top of any other role. It is a distinct grouping of pages related to restoring a protected system.

The Administrator role includes the abilities of the Restore role and does not need them to be added.

The device functions available to users with the Restore role are:

  • Ability to restore a protected system via any restore method available
  • Access to the Backup Insights page for comparing folder trees and files between two different recovery points for a protected system
  • Access to the Granular Restore page to download software and licenses for Kroll OnTrack, allowing restoration of Microsoft Exchange, SharePoint, and SQL servers 

Mapping of Legacy Permissions to New Roles

Before the release of the Local Users update, there were 14 existing permissions in the user access structure, which are now mapped to the four roles described in the User Account Permissions section of this article. The Device Updates permission has been discontinued.

Legacy Permission

New Role

Basic access




Restore (formerly Recovery Points)


File Restore


Local Virtualization


Bare Metal Restore


Export Image




Network Configuration


Off-site Configuration


Advanced Device Status


Remove Protected Agents




Device Updates


Was this article helpful?

1 out of 5 found this helpful

You must sign in before voting on this article.

Want to talk about it? Have a feature request?

Head on over to our Datto Community Forum or the Datto Community Online.

For more Business Management resources, see the Datto RMM Online Help and the Autotask PSA Online Help .

Still have questions? Get live help.

Datto Homepage