User roles available for each service

One user can have several roles but only one role per service.

For each service, you can define which role will be assigned to a user.

The services that are available to you are configured by your service provider.

Service	Role	Description
n/a	Company administrator	This role grants full administrator rights for all services. This role grants access to the corporate allowlist. If the Disaster Recovery add-on to the Protection service is enabled for the company, this role also grants access to the disaster recovery functionality.
n/a	Unit administrator Unit level	This role grants highest possible permissions to all applicable services in the unit. The role does not provide access to the disaster recovery functionality.
Management Portal	Administrator	This role grants access to the management portal where the administrator can manage users within the entire organization.
	Read-only administrator Partner level	This role provides read-only access to all objects in the partner's management portal and the management portal of all customers of this partner. See Read-only administrator role.
	Read-only administrator Customer level	This role provides read-only access to all objects in the Management Portal of the entire company. See Read-only administrator role.
	Read-only administrator Unit level	This role provides read-only access to all objects in the management portal of the company unit and sub-units. See Read-only administrator role.
Vendor Portal	Developer	This role provides full access to Vendor Portal. Developers can create and manage CyberApps, CyberApp Descriptions, and CyberApp Versions. They can also submit deployment requests and monitor CyberApp metrics.
	User	This role allows the user to create, manage, and request approvals of CyberApp Descriptions.
	Read-only user	This role provides read-only access to Vendor Portal.
Protection
	Administrator	This role enables configuring and managing the Protection service for your customers. This role is required for: configuring and managing the Disaster Recovery functionality. configuring and managing the corporate allowlist. performing autodiscovery of devices. performing all actions related to software deployment by using DeployPilot (working with software deployment plans, software repositories, software packages, and performing quick deploy actions).
	Cyber administrator	In addition to the rights of the Administrator role, this role enables configuring and managing the Protection service, and approving actions in Cyber Scripting. The Cyber administrator role is only available for tenants with enabled Advanced Management (RMM) pack.
	Read-only administrator	The role provides read-only access to all objects of the Protection service. See Read-only administrator role.
	User	This role enables using the Protection service but without administrative privileges. Access is provided to functionality such as Endpoint Detection and Response, but users assigned this role cannot access the data of other users in the organization.
	Restore operator	Applicable to Microsoft 365 and Google Workspace organizations, the role provides access to backups and allows their recovery, while restricting the access to sensitive content inside the backups. See Restore operator role.
	Security Analyst	The role can be assigned only in customer tenants for which the Advanced Security + EDR or Advanced Security + XDR pack is enabled. It provides access to the Cyber Protection console and enables the user to manage EDR incidents and perform response actions.
File Sync & Share	Administrator	This role enables configuring and managing File Sync & Share for your users.
Cyber Infrastructure	Administrator	This role enables configuring and managing Cyber Infrastructure for your users.
Advanced Automation (PSA)	There are a number of roles that can be assigned to Advanced Automation (PSA) users. For more information, see Advanced Automation (PSA) roles.
Partner Portal	There are a number of roles that can be assigned to Partner portal users. For more information, see Partner portal roles.
Notary	Administrator	This role enables configuring and managing Notary for your users.
Notary	User	This role enables using the Notary service but without administrative privileges. Such users cannot access data of other users of the organization.

Vendor Portal is available to technology partners who registered on the Acronis Technology Ecosystem website after October 04, 2023.
If you are looking to build an integration and require access to Vendor Portal and a dedicated Sandbox, see the Integrations chapter.

Any changes related to the accounts and roles are shown on the Activities tab with the following details:

What was changed
Who did the changes
Date and time of changes

Read-only administrator role

An account with this role has read-only access to the Cyber Protect console and can do the following:

Collect diagnostic data, such as system reports.
See the recovery points of a backup, but cannot drill down into the backup contents and cannot see files, folders, or emails.
When Advanced security + XDR is enabled, read-only administrators can access the Response Actions tab in the EDR incident screen, but cannot execute any actions.
Access data of other users of the organization in the read-only mode.

A read-only administrator cannot do the following:

Start or stop any tasks.

For example, a read-only administrator cannot start a recovery or stop a running backup.
Configure and manage the Disaster Recovery functionality or the corporate allowlist, and has a read-only access to software deployment plans, software repositories, and software packages.
Access the file system on source or target machines.

For example, a read-only administrator cannot see files, folders, or emails on a backed-up machine.
Change any settings.

For example, a read-only administrator cannot create a protection plan or change any of its settings.
Create, update, or delete any data.

For example, a read-only administrator cannot delete backups.

In the Management portal, read-only administrators can initiate the creation of new child tenants and configure all their properties for demonstration purposes, but cannot save them.
Save any changes to scripting plans, monitoring plans, or agent plans.

All UI objects that are not accessible for a read-only administrator are hidden, except for the default settings of the protection plan. These settings are shown, but the Save button is not active.

Restore operator role

This role is available only in the Protection service and is limited to Microsoft 365 and Google Workspace backups.

A restore operator can do the following:

View alerts and activities.
View and refresh the list of backups.
View the list of recovery points.
Browse backups without accessing their content.
Restore operators can see the names of backed-up files and the subjects and senders of backed-up emails.
Search backups (full text search is not supported).
Recover cloud-to-cloud backups only to their original location within the original Microsoft 365 or Google Workspace organization.

A restore operator cannot do the following:

Delete alerts.
Add or delete Microsoft 365 or Google Workspace organizations.
Add, delete, or rename backup locations.
Delete or rename backups.
Create, delete, or rename folders when recovering a backup.
Apply a backup plan or run a backup.
Access backed-up files or the content of backed-up emails.
Download backed-up files or email attachments.
Send backed-up cloud resources, such as emails or calendar items, as email.
View or recover Microsoft 365 Teams conversations.
Recover cloud-to-cloud backups to non-original locations, such as a different mailbox, OneDrive, Google Drive, or Microsoft 365 Team.