Veeam B&R Admin - sensitive Data

[ocico]

Hi,

our company wants to restrict to sensitive data, such as restoring them to another destination.
I had a support case with veeam, but they could not help me.
Veeam B&R has got user roles, and the enterprise manager has also roles. But I don't know what is the best way to resolve that.
My supervisor wants that nobody can restore sensitive data, specially on the fileserver, we have directories with NTFS permissions, such as data of personal department.

Please, can someone help me.

Thank you

[Vitaliy S.]

Hi,

There is no way to restrict restoring data to some other location, but you might want to try and use this option in the Enterprise Manager that would allow restoring data to the original location. See the links below:
1. Configuring Restore Scope (check the "in-place file restores only" option)
2. Restrictions for Delegated Restore

In addition to this, I highly recommend to do regular check on who restored what and when via this prebuilt Veeam ONE report > Restore Operator Activity

Thanks!

[ocico]

@Vitaly S: Thank you

[ocico]

I have now setup the enviroment, and it looks good sofar. One more topic. Is it possible to administrate Backup&Replication (Create new jobs, fix issues, make reconfiguration), but at the same time he has no access to the restore part. Just like the Restore Operater. He can make restore operations, but he cant make anything at the backup section. I also checked the Backup Operator Role. For him its possible to stop and start jobs, he can not modify jobs. What I need is a user that has the same permissions as a backup administrator, but has no access to the restore section.

[Vitaliy S.]

There is no such option in the Enterprise Manager, however backup operator role is available in the backup console, might do the trick > Roles and Users