This topic helps you understand the PX-Backup Security, how it is useful to your enterprise, and how you can access it to define roles and assign roles to users.


PX-Backup Security is a built-in feature in PX-Backup. PX-Backup Security allows you to control user access to certain resources by setting governance policies and managing permissions for the application owners on the platform. PX-Backup Security is a role-based access control (RBAC) system that enables authorization for users or user groups through an existing OIDC authentication service such as Keycloak and Okta.

PX-Backup allows mapping users or user groups to specific roles. These roles control actions and permissions that a user is allowed to perform. Administrators set the scope of access and allow users to share resources.

PX-Backup Security allows administrators and application owners manage access to the following resources:

  • Cloud Accounts
  • Backup Locations
  • Schedule policies
  • Rules
  • Roles

Kuberenetes administrators and application owners use PX-Backup Security to configure backups and restores, by providing a granular level of authorization to PX-Backup resources. PX-Backup security supports different levels of authorization across multiple PX-Backup deployments while retaining the same user management and authentication.

PX-Backup is managed using PX-Central which provides OIDC integration. PX-Backup Security for clusters is controlled by Kubernetes access control. Administrators can add their clusters in PX-Backup with the credentials or Kubeconfig assigned to them. PX-Backup inherits the permissions from Kubernetes and displays the resources that a user contains permission to access.

PX-Backup built-in roles

The PX-Backup built-in roles match user personas managing the Kubernetes infrastructure and applications:

  • Infrastructure administrator (px-backup.infra.admin): The infrastructure owner with administrator privileges for PX-Backup resources such as cloud accounts, backup locations, schedules, and rules. Infrastructure administrators create custom rules, in addition to the built-in rules in PX-Backup. Infrastructure owners or any user can create a shared resource pool to share backup locations, schedules, and backup rules with other users.

  • Application administrator ( Application administrators can manage applications they own. Application administrators contain privileges for schedules and rules, and can use existing cloud accounts.

  • Application user ( The application users who can backup and restore applications, but cannot create a schedule policy or rules.

NOTE: PX-Backup does not allow editing the built-in roles, but you can duplicate them.

Access PX-Backup Security

Perform the following steps to access PX-Backup Security:

  1. Log in to PX-Backup using the infrastructure administrator credentials.

  2. Select the PX-Backup Security option from the profile menu in the lower left corner of the PX-Backup page.

Access PX-Backup Security

The PX-Backup Security includes:

  • Role Mapping: Displays all exisiting OIDC users (when you integrate PX-Backup with an external OIDC), and new users added by the infrastructure administrator using PX-Backup Keycloak.
  • Roles: Displays the three built-in roles, by default, and new roles added by the infrsatructure administrator.

Last edited: Tuesday, Aug 10, 2021