Read-only administrator role

An account with this role has read-only access to the Cyber Protect console and can do the following:

Collect diagnostic data, such as system reports.
See the recovery points of a backup, but cannot drill down into the backup contents and cannot see files, folders, or emails.
When Advanced security + XDR is enabled, read-only administrators can access the Response Actions tab in the EDR incident screen, but cannot execute any actions.
Access data of other users of the organization in the read-only mode.

A read-only administrator cannot do the following:

Start or stop any tasks.

For example, a read-only administrator cannot start a recovery or stop a running backup.
Configure and manage the Disaster Recovery functionality or the corporate allowlist, and has a read-only access to software deployment plans, software repositories, and software packages.
Access the file system on source or target machines.

For example, a read-only administrator cannot see files, folders, or emails on a backed-up machine.
Change any settings.

For example, a read-only administrator cannot create a protection plan or change any of its settings.
Create, update, or delete any data.

For example, a read-only administrator cannot delete backups or delete, update, and rebuild search indexes for cloud-to-cloud backups.

In Management portal, read-only administrators can initiate the creation of new child tenants and configure all their properties for demonstration purposes, but cannot save them. They cannot modify quotas for their own tenant or users.
Save any changes to scripting plans, monitoring plans, or agent plans.

All UI objects that are not accessible for a read-only administrator are hidden, except for the default settings of the protection plan. These settings are shown, but the Save button is not active.