Idea for Commvault - Please make easy to find documentation about permissions

  • 21 June 2023
  • 1 reply
  • 45 views

Userlevel 1
Badge +8

Commvault reps, if you see this message, really hope you will consider this.
The reason for my wish, is that we are noticing more and more questions from customers about why they provide us with permissions in their environment.
“Because the backup service needs it” is no longer an acceptable reason for many.

I am guessing that they have an increased focus on security, but I have a feeling that audits are becoming more important for many of the customers. The auditor might want to know what an account or an azure app is using their given permissions for.

I wish for a place in the Commvault docs or somewhere on the site, where a customer or commserve admin can read about the reasons why an account or azure app needs all the different permissions in the different backup/restore scenarios.

There is a nice table for Exchange Online Azure apps here: “https://documentation.commvault.com/v11/essential/147825_application_permissions_for_azure_app_for_exchange_online.html

Why not create a similar table for all services?

Just create a page called “Permissions overview for Commvault” or something.
The user can select a service, like MS365, VMWare, HyperV etc. and they can then see a nice table like the Exchange Online table, if the backup or restore require any service accounts, azure apps and the permissions they need, and why they need each permission.

 

All the best


1 reply

Userlevel 7
Badge +23

Thanks for the feedback @No special characters!

There is a similar comprehensive one here for VMware workloads

As you can see, the above one is more complex as it explains which permission is needed for each capability (Streaming backup, IntelliSnap, replication etc.) - so it may be difficult to blend on a single page with other apps, but perhaps there is some brainstorming we can do with the documentation team to make this both a requirement for each workload, and also centralize access in some way.

I’ll send this to the right folks internally. Appreciate the suggestion!

Reply