# Roles and permissions

## Roles

#### GitProtect allows you to choose from four different roles for user accounts:

| Role                     | Permissions                                                                                                     |
| ------------------------ | --------------------------------------------------------------------------------------------------------------- |
| **System Administrator** | Highest-privilege account; includes all permissions of lower roles. Can manage data stores and system settings. |
| **Backup Operator**      | Same permissions as **Viewer**, plus the ability to create and run backup tasks.                                |
| **Restore Operator**     | Same permissions as **Viewer**, plus the ability to restore data.                                               |
| **Viewer**               | Least privileged account; can only view settings and cannot perform other actions.                              |

{% hint style="warning" %}
The initial administrative account—the one used to sign up for **GitProtect**—is designated as the **Root Administrator**. This account has the **highest level of permissions** and **cannot be restricted**. Note that the **Root Administrator** account can be reassigned if necessary.
{% endhint %}

***

## **Permissions**

The system allows for granular control through the following permission categories:

| Permission                          | Description                                                                                                                              |
| ----------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- |
| **Account management**              | Enables the creation of new administrative accounts and modification of existing ones. Available only for **System Administrator** role. |
| **Device management**               | Allows activation of new devices and administration of currently connected devices.                                                      |
| **Microsoft 365 management**        | Facilitates the addition of new **Microsoft 365** tenants and management of existing ones.                                               |
| **Data delete**                     | Grants the ability to delete backup copies and storage repositories.                                                                     |
| **DevOps management**               | Allows the addition and administration of **DevOps** organizations.                                                                      |
| **Virtual environments management** | Supports integration of new virtual environments and management of existing **VMware** configurations.                                   |


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://helpcenter.gitprotect.io/management/user-accounts/roles-and-permissions.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.