Barracuda Cloud Control permissions and roles are managed by each individual service. By default, not all services grant the same role.
Barracuda Backup Appliance
By default, the user is granted account administrator rights when Backup is selected in the Product Entitlements section. To modify the user role, click Configure Permissions below Backup; the Configuration page displays where you can set the following options:
- Turn on the Barracuda Email Notifications for this user:
- Backup Summary Reports for each appliance daily – When turned on, a report is sent to this user each day between 8-9am.
- Backup Detailed Reports for each backup job – When turned on, a report is sent to this user each time a backup job completes.
- Alerts – When turned on, an alert is sent to this user if an error occurs during a backup job or if the Barracuda Backup appliance goes offline.
- Notices – when turned on, a notice is sent to this user when the Barracuda Backup Server appliance is updated.
- Authentication– To restrict the IP address from which this user is allowed to log in, enter a value in the Allowed IP Login Addresses field. Use a comma to separate multiple IP blocks or ranges.
- Specify user Permissions:
- Account Administrator – User has full access to all Barracuda Backup appliances within the account.
- Barracuda Backup Appliance Administrator* – User has full access to all selected Barracuda Backup appliances; user does not have edit or view user accounts access. When selected, the Backup Server Permissions section displays:
- Operator* – User access is limited to viewing statistics and modifying backup configuration for selected Barracuda Backup Appliances. Operators cannot restore data or edit user accounts.
*For both Barracuda Backup Appliance Administrator and Operator permissions, you can grant or deny access to backup appliances. In the Grant Access To… section, use the Select All Backup Appliances checkbox to grant or deny access to backup appliances:
- Select the checkbox to allow access to all backup appliances.
- Clear the checkbox to view a list of backup appliances. Select only those appliances for which you want to grant access.
Barracuda Web Security Service
By default, the user is granted administrator rights when Web Security is selected in the Product Entitlements section. The administrator role has all permissions and is the only role that can create policies. The Limit Access To setting does not apply to this role. To modify the user role, log in to the Barracuda Web Security Gateway web interface. The following roles are available:
- Read Only – User has read-only permissions on all tabs, and can run, but not schedule, reports. The Limit Access To setting does not apply to this role.
- Manage – User has read-only permissions on the Dashboard and Log pages, can view and schedule reports, and can create exceptions on the BLOCK/ACCEPT > Exceptions page. The Limit Access To setting applies.
- Monitor – User has read-only permissions on the Dashboard and Log pages, and can view and schedule reports. The Limit Access To setting applies.
- Support – User has read-only permissions on the Dashboard, Log, and Reports pages. User can create exceptions on the BLOCK/ACCEPT > Exceptions page.
Email Gateway Defense
By default, the user is granted domain administrator rights when Email Gateway Defense is selected in the Product Entitlements section. The domain administrator can view message content (if privacy settings allow) for designated domains, enable/disable per-user quarantine at the domain level, and, if per-user quarantine is disabled, specify a global quarantine email address for designated domains. Additionally, the domain administrator can enable/disable some default user features for new accounts and designated domains. To modify the user role, log into the Barracuda Email Security Gateway web interface. The following roles are available:
- User Role – User has the following permissions:
- Modify individual settings for quarantine, spam tag, and block levels;
- Manage quarantine inbox including mark as spam/not spam, deliver, mark as safe, and delete quarantined messages;
- Change password (if Single Sign-On authentication is not configured);
- Create allow lists and block lists for email addresses and domains; and
- Manage a personal Bayesian database.
- Helpdesk Role – User has all User Role permissions. Additionally, user can:
- Change or update user account settings in the domain(s) to which the helpdesk user is assigned, which includes users spam scoring, allow or block, quarantine enable/disable, notification and Bayesian filtering settings;
- View the Message Log for the domain(s) managed and deliver quarantined messages;
- Log into an account with lesser permissions and manage the associated quarantine inbox including mark as spam/not spam, deliver, allow and delete quarantined messages;
- View domain-level status and reports (excluding the daily False Positive and False Negative, which can only be generated at the global level by the administrator); and
Edit account roles for account holders with lesser permissions.
- Governance, Risk Management and Compliance (GRC) Account Role – User has access to Outbound Quarantine logs, and can take the following actions with outbound quarantined messages:
- Deliver – GRC determines that the message is allowed, per policy.
- Reject – GRC determines that the message is not allowed for delivery, per policy. If the Admin has configured it on the ADVANCED > Bounce/NDR Settings page, this action sends a bounce message to the sender.
- Delete – GRC determines that the message is not allowed for delivery. The message is removed from the Outbound Quarantine log.
Barracuda Cloud Archiving Service
By default, the user is granted user rights when Archiver is selected in the Product Entitlements section. To modify the user role, log in to the Barracuda Cloud Archiving Service web interface. The following roles are available:
- User – User can search and view messages accessible to the account, either because the username for the account is also that of the sender or recipient of a message, or because it has been given explicit access to view an email address via Alias Linking. Additionally, user can download enabled add-ins and tools and view the Task Manager.
Auditor – User can create and activate policies, and view, search, and export any messages to/from the domains to which they have access. Additionally, Auditors can save and name an Advanced search for re-execution at a later time from the Saved Searches tab.
- Admin – User can view all items from any user, not just those listed for the account. Additionally, user can create and activate policies, and can make other system or network changes.
Barracuda Vulnerability Manger
By default, the user is granted administrator rights when Vulnerability Manager is selected in the Product Entitlements section. Administrator is the only role for this service.
Barracuda Appliance Control
By default, the user is granted account administrator rights when Appliance Control is selected in the Product Entitlements section and can perform all actions except those related to other users. If this user is granted User Management privileges, the user can add, modify, and remove users, and can set the following permissions:
- View Dashboard Only – User can view statistics.
View Reports, Logs, and Dashboard Only – User can create and view reports, and view logs and statistics.
- All Actions – The account can perform all actions except those related to other users.