> For the complete documentation index, see [llms.txt](https://helpcenter.xopero.com/xopero-one-en/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://helpcenter.xopero.com/xopero-one-en/management/user-accounts/roles-and-permissions.md).
# Roles and permissions
## Roles
#### Xopero ONE allows you to choose from four different roles for user accounts:
| Role | Permissions |
| ------------------------ | --------------------------------------------------------------------------------------------------------------- |
| **System Administrator** | Highest-privilege account; includes all permissions of lower roles. Can manage data stores and system settings. |
| **Backup Operator** | Same permissions as **Viewer**, plus the ability to create and run backup tasks. |
| **Restore Operator** | Same permissions as **Viewer**, plus the ability to restore data. |
| **Viewer** | Least privileged account; can only view settings and cannot perform other actions. |
{% hint style="warning" %}
The initial administrative account—the one used to sign up for **Xopero ONE**—is designated as the **Root Administrator**. This account has the **highest level of permissions** and **cannot be restricted**. Note that the **Root Administrator** account can be reassigned if necessary.
{% endhint %}
***
## **Permissions**
The system allows for granular control through the following permission categories:
| Permission | Description |
| ----------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Account management** | Enables the creation of new administrative accounts and modification of existing ones. Available only for **System Administrator** role. |
| **Device management** | Allows activation of new devices and administration of currently connected devices. |
| **Microsoft 365 management** | Facilitates the addition of new **Microsoft 365** tenants and management of existing ones. |
| **Data delete** | Grants the ability to delete backup copies and storage repositories. |
| **DevOps management** | Allows the addition and administration of **DevOps** organizations. |
| **Virtual environments management** | Supports integration of new virtual environments and management of existing **VMware** configurations. |
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:
```
GET https://helpcenter.xopero.com/xopero-one-en/management/user-accounts/roles-and-permissions.md?ask=&goal=
```
`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.