This page describes how the existing roles assigned in the management console are mapped to the corresponding predefined Backup and DR Service IAM roles. This is applicable only to users who have roles assigned to them in the management console and are on version 11.0.4 or lower.
Map the management console roles to IAM predefined roles
Use the following table to assign new predefined Backup and DR IAM roles to users who had the following roles earlier in the management console. To learn how to assign a new role to a user, see Assign IAM roles to a user. To learn how to modify a role to a user, see Modify an existing role to a user.
Before mapping the management console role to IAM, check the management console role assigned to a user from the management console's Manage > Roles page and then map with IAM role to that user in the IAM & Admin page using the following table.
| Management console role | IAM role | IAM role description |
|---|---|---|
| App admin | Backup and DR Backup User and Backup and DR Restore User | Allows users to back up their workload with any existing backup plan/templates. Cannot recover data. Allows users to recover their data including mount and workflows permissions. Cannot backup the data. |
| Backup admin | Backup and DR User V2 | Provides full access to Backup and DR Service resources except deploying and managing backup infrastructure, expiring backups, changing data sensitivity and configuring on-premises billing. |
| Basic | Backup and DR Viewer | Provides read-only access to all Backup and DR Service resources. |
| Compliance admin | Backup and DR Viewer | Provides read-only access to all Backup and DR Service resources. |
| System admin | Backup and DR Admin | Provides full access to all Backup and DR Service resources. |
| Storage admin | Backup and DR Admin | Provides full access to all Backup and DR Service resources. |
| TDM admin | Backup and DR Mount User | Allows the user to mount from a backup. This role cannot create a backup plan or restore from a backup. |