Microsoft 365 User Permissions in SpinOne

Learn how to assing additional user permissions in SpinOne Data Protection Platform for Microsoft Office 365 to grant administration capabilities to others.

Written By Val Parsons (Collaborator)

Updated at May 13th, 2024

Initially, only the Root Administrator of the SpinOne account will have access to the SpinOne platform. However, it is extremely easy to delegate customized access to other users based on what's required for them.


In this article, we will discuss how to:

1) Assign additional permissions to other users

2) Understand what each permission set entails


Assigning Additional Permissions to Other Users


To get started, log in to your SpinOne account.

Head to the Users section from the left panel to enter the User Management Console.


Click on the User you would like to provide permissions to, in order to open up their Auto-backup and Permissions Settings.

Select Permissions from the newly opened window.


Now you can easily customize the permissions set for this user.


If you would like to update permissions for ALL users, or for a certain Security Group, select Permissions from the Settings on the top right of the current screen.


Now, the permissions chosen on this page will be updated for the selected Users.


Click Update once you're done and the permissions will be automatically applied.


Understanding What Each Permission Set Entails


It is important to understand what each permission set entails in order to correctly delegate access to anyone needed.

You can delegate an end-user with the ability to simply login, and manage their own data by providing the following permissions:


- Login - ability to login to the SpinOne platform

- Restore - allows the user to restore their own data

- Download - allows the user to download their own data

In order to provide Administrative privileges, first, ensure that these three permissions are enabled and then proceed to provide further permissions.


Start off by enabling the Grant Admin Permissions toggle. Once this has been enabled, this User is automatically marked as an administrator on the SpinOne console. Enabling this will now allow you to customize the rest of the administrative permissions. The administrator will by default be able to view all Users, unless access is restricted to a certain SG.


Now let's go through what each permission means:


- Manager users - ability to activate new users, change permissions

- Manage superuser - ability to see and manage the Root Administrator account

- Change account and user settings - access to the Account Settings to manage automation, reporting, backup frequency, reporting, etc.

- Manage data (browse, read) - ability to view user data and preview emails

- Billing - ability to add licenses, change plans and manage payment 

- Restore - the ability to launch restores of accessible user data (includes cross-user restoration)

- Download - the ability to export backed up data to a local device

- Preview Item - the ability to preview emails from the UI

- Delete users - ability to remove licenses from active users


Once these permissions have been updated, the user can access the SpinOne platform in the same manner as the Root Administrator: initially by OAuth (using "Sign in With Microsoft"), and then with the ability to create their own unique SpinOne credentials.

If you would like an administrator to only have access to Users from a certain SG, restrict their access to those SGs by following these steps:

Here, you will find an updated list of your SGs, their administrators and where their data is being backed up.

Find the SG that you would like to assign to an administrator and click on the pencil to manage its administrators.

Search for the User, select them, and click on the + on the right.



Now, this user account can only access and manage (based on their permissions) users from the specified Security Group.

You can add more administrators to the same SG or remove these administrators as necessary.

Was this article helpful?