Administrators and units
The Administrators panel shows the Organization group with the tree of units (if any) and the list of administrators of the unit that is selected in the tree.
Who are the management server administrators?
Any account that is able to sign in to the backup console is a management server administrator.
Organization administrators are the top-level administrators. Unit administrators are administrators of the child groups (units).
In the backup console, each administrator has a view scoped to their area of control. An administrator can view and manage anything on or below their level in the hierarchy.
Who are the default administrators?
In Windows
When the management server is being installed on a machine, the following happens:
-
The Acronis Centralized Admins user group is created on the machine.
On a domain controller, the group is named DCNAME $ Acronis Centralized Admins; here, DCNAME stands for the NetBIOS name of the domain controller.
- All members of the Administrators group are added to the Acronis Centralized Admins group. If the machine is in a domain but is not a domain controller, local (non-domain) users are then excluded. On a domain controller, there are no non-domain users.
- The Acronis Centralized Admins and the Administrators groups are added to the management server as organization administrators. If the machine is in a domain but is not a domain controller, the Administrators group is not added, so that local (non-domain) users do not become organization administrators.
You can delete the Administrators group from the list of the organization administrators. However, the Acronis Centralized Admins group cannot be deleted. In the unlikely case that all organization administrators have been deleted, you can add an account to the Acronis Centralized Admins group in Windows, and then log in to the backup console by using this account.
In Linux
When the management server is being installed on a machine, the root user is added to the management server as an organization administrator.
You can add other Linux users to the list of management server administrators as described later, and then delete the root user from this list. In the unlikely case that all organization administrators have been deleted, you can restart the acronis_asm service. As a result, the root user will be automatically re-added as an organization administrator.
Who can be an administrator?
If the management server is installed on a Windows machine that is included in an Active Directory domain, any local or domain user or user group can be added to the management server administrators. Otherwise, only local users and groups can be added.
For information about how to add an administrator to the management server, refer to "Adding administrators".
Units and unit administrators
The Organization group is automatically created when you install the management server. With the Acronis Cyber Backup Advanced license, you can create child groups called units, which typically correspond to units or departments of the organization, and add administrators to the units.
This way, you can delegate backup management to other people whose access permissions will be strictly limited to the corresponding units.
For information about how to create a unit, refer to "Creating units".
What if an account is added to multiple units?
An account can be added as a unit administrator to any number of units. For such an account, as well as for organization administrators, the unit selector is shown in the backup console. By using this selector, the administrator can view and manage each unit separately.
An account that has permissions for all units does not have permissions for the organization. Organization administrators must be added to the Organization group explicitly.
How to populate units with machines
When an administrator adds a machine via the web interface, the machine is added to the unit managed by the administrator. If the administrator manages multiple units, the machine is added to the unit chosen in the unit selector. Therefore, the administrator must choose the unit prior to clicking Add.
When installing agents locally, an administrator provides their credentials. The machine is added to the unit managed by the administrator. If the administrator manages multiple units, the installer prompts to choose a unit to which the machine will be added.