With System Center Data Protection Manager 2012, you can effectively model your existing team structure into one of the roles shipped out of the box. "The Role Based Access in DPM 2012 works at the "Operation" level and NOT "object" level. For example, you can control who can run backups versus who can run recoveries. But once you allow a user to perform backups, you cannot further control to say "run backups only for these databases".," explained DPM team blog
Here is a video recording (DPM 2012 - Centralized Management : Role Based Access) that talks about Role Based Access and shows how a recovery operator can recover a item from the Central Console in a couple of clicks.
DPM 2012 ships with a rich set of 7 default roles out of the box. This includes:
- Read-Only User - Can view all. Can modify,run nothing.
- Recovery Operator - Can only perform Recoveries
- Reporting Operator - Can only run/manage reports
- Tier-1 Support (help desk) - Can "Resume backups" and "Take Automated Recommended Action". Can open a scoped DPM Console to troubleshoot issues.
- Tier-2 Support(escalation) - Can run backups on demand. Can perform corrective actions such as enabling/disabling agents etc.
- TAPE Operator - Can rerun backups or perform TAPE drive tasks
- TAPE Admins - Can perform all TAPE related actions
- DPM Admins - Can perform all actions.
To get these roles into Operations Manager,
- Import the management pack,
- Install the "Central Console Server Side Components" setup.
- Once this is done, run the tool "DefaultRoleConfigurator.exe" on the Operations Manager Server which can be found under the C:\Program Files\Microsoft DPM\bin folder. This will create the roles inside Operations Manager.