Role-Based Access Control (RBAC) in Commvault Version 11

Article ID: SEC0005 Role-Based Access Control (RBAC) in Commvault Version 11


Role-Based Access Control (RBAC) in Commvault Version 11


Commvault Version 11 introduces Role-Based Access Control (RBAC). With RBAC, permissions to perform tasks can be defined in a Role and granted to individual users or user groups for associated CommCell entities. RBAC increases the flexibility of user security by enabling administrators to align task authorization to business needs rather than technology consideration. 

A key benefit of Commvault's new RBAC security architecture is its ability to assign roles to external users and user groups.  This provides ease of security management by allowing a CommCell administrator to manage CommCell access using existing external security architecture. 

RBAC can be used in situations where:

  • Managed Service Provider (MSP) is supporting multiple tenants/customers with various requirements for user security. A tenant administrator can be granted a User Management role plus any number of roles that they can assign to their respective users. These roles/users can be associated to different CommCell entities to allow the user to perform authorized tasks.
  • Tiered security organization can grant limited administrative or functional roles to users for different levels of storage, clients, or agents

Any User or User Group can have multiple roles assigned, allowing various levels of access in performing tasks for different CommCell entities. Users upgrading from Commvault Version 10 or earlier will be automatically and seamlessly migrated to the new RBAC security.