# Roles and permissions

## Roles

#### Xopero ONE allows you to choose from four different roles for user accounts:

| Role                     | Permissions                                                                                                     |
| ------------------------ | --------------------------------------------------------------------------------------------------------------- |
| **System Administrator** | Highest-privilege account; includes all permissions of lower roles. Can manage data stores and system settings. |
| **Backup Operator**      | Same permissions as **Viewer**, plus the ability to create and run backup tasks.                                |
| **Restore Operator**     | Same permissions as **Viewer**, plus the ability to restore data.                                               |
| **Viewer**               | Least privileged account; can only view settings and cannot perform other actions.                              |

{% hint style="warning" %}
The initial administrative account—the one used to sign up for **Xopero ONE**—is designated as the **Root Administrator**. This account has the <mark style="color:$danger;">**highest level of permissions**</mark> and <mark style="color:$danger;">**cannot be restricted**</mark>. Note that the **Root Administrator** account can be reassigned if necessary.
{% endhint %}

***

## **Permissions**

The system allows for granular control through the following permission categories:

| Permission                          | Description                                                                                                                                                                                                                                                                                                                  |
| ----------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Account management**              | Enables the creation of new administrative accounts and modification of existing ones. <mark style="color:$danger;">Available only for</mark> <mark style="color:$danger;"></mark><mark style="color:$danger;">**System Administrator**</mark> <mark style="color:$danger;"></mark><mark style="color:$danger;">role</mark>. |
| **Device management**               | Allows activation of new devices and administration of currently connected devices.                                                                                                                                                                                                                                          |
| **Microsoft 365 management**        | Facilitates the addition of new **Microsoft 365** tenants and management of existing ones.                                                                                                                                                                                                                                   |
| **Data delete**                     | Grants the ability to delete backup copies and storage repositories.                                                                                                                                                                                                                                                         |
| **DevOps management**               | Allows the addition and administration of **DevOps** organizations.                                                                                                                                                                                                                                                          |
| **Virtual environments management** | Supports integration of new virtual environments and management of existing **VMware** configurations.                                                                                                                                                                                                                       |