Local Users

Topic

This article describes the Local Users category of the Datto appliance GUI.

Environment

Datto SIRIS
Datto ALTO
Datto NAS

Description

The Local Users control panel allows you to assign role-based feature and functionality access to local user accounts on the Datto appliance. You can define which people in your organization have administrative access to your Datto devices, and which functions they are allowed to perform.

Procedure

To access the Local Users category, navigate to Configure > Device Settings in the Datto appliance GUI.
On the Device Settings page, scroll to the Local Users category.

The Local Users category displays the following options:

A. Username: The login name of each local user account with access to the device appears here.
B. Create User: Allows you to add a new local user account to the device. You will be prompted to create a username and password for the local user account. Usernames containing special characters or spaces are not allowed. The newly-created user cannot be modified, and will not be added to the device until you click Apply.
C. Web Access: This check-box controls access to the Datto appliance GUI.
D. Actions: Allows you to make changes to existing user accounts. The available options are:
- Change Password: This setting changes the existing password for the selected user account. Passwords must be a minimum length of 8 characters and not exceed 128 characters. They cannot contain common-use patterns or Datto-specific words (Datto, SIRIS, device, partner, etc.). Passwords must include a combination of uppercase and lowercase letters, as well as numbers and special characters.
- Delete User Account: Select this option to delete the local user account.
- Edit Permissions: Allows you to set access permissions for the selected user account granularity. See the User Account Permissions section of this article for more information.

User Account Permissions

Clicking the Edit Permissions option in the Actions group of the Local Users category will take you to the Manage Permissions page for the selected user. From this page, you can manage the type of access each local user account has to the Datto appliance, and the actions each account is allowed to perform. Select a permission level to learn more.

Administrator
Basic Access
NAS Access
Restore Files and Systems

Administrator

Administrators have complete control over the device. Partners should limit this account type to trusted individuals. Device administrators can access any page or functionality available in the device UI.

Basic Access

Every local user has the Basic role. You cannot create a local user without this role, and you cannot remove this role from a local user that already exists.Basic users have access to view device parameters but are limited in what changes they can make.

There is value to having a local user account with only a Basic role assigned. Users in this role may include customers who want to have some connection to the Datto hardware and services for which they are paying or users who only need to access the Backup Report and Continuity Audit features.

The device functions available to users with Basic Access are:

Login and Logout
Top-level navigation:
- View the Home Page
- View the Protect Page
- View View the Synchronize Page
- View the Restore Page (Basic Users cannot mount or unmount restores)
- View limited device health information on the Advanced tab
Viewing the Backup Report and Continuity Audit

NAS Access

The NAS Access role has only one permission: it lets users access the Network Attached Storage page at Home > File Share > Network Attached Storage.

The Administrator role includes the abilities of the NAS role and does not need them to be added.

Users who need to do any of the following should have the Administrator role instead of the NAS role:

Configure a NAS Share
Install File Sync and Share (Datto Drive)
Create a Share (Wizard)
Access Manage Recovery Points
Remove a Share

Restore Files and Systems

Restore Files and Systems is not a tiered role that builds on top of any other role. It is a distinct grouping of pages related to restoring a protected system.

The Administrator role includes the abilities of the Restore role and does not need them to be added.

The device functions available to users with the Restore role are:

Ability to restore a protected system via any restore method available
Access to the Granular Restore page to download software and licenses for Kroll OnTrack, allowing restoration of Microsoft Exchange, SharePoint, and SQL servers

Mapping of Legacy Permissions to New Roles

Before the release of the Local Users update, there were 14 existing permissions in the user access structure, which are now mapped to the four roles described in the User Account Permissions section of this article. The Device Updates permission has been discontinued.

Legacy Permission	New Role
Basic access	Basic
Restore (formerly Recovery Points)	Restore
File Restore	Restore
Local Virtualization	Restore
Bare Metal Restore	Restore
Export Image	Restore
Administration	Administrator
Network Configuration	Administrator
Off-site Configuration	Administrator
Advanced Device Status	Administrator
Remove Protected Agents	Administrator
NAS	NAS
Device Updates	N/A

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the ideas forum!
	Provide feedback for the Documentation team.