Afi Backup provides granular access management capabilities, including self-service access for the end-users to their backups. Self-service access can be enabled by account administrators at the Service→ Settings→ Access groups tab and, by default, grants users access to their mailbox and drive backup.
When Microsoft 365 domain users actively collaborate in SharePoint sites and Microsoft 365 groups/teams, they might need access not only to their own backups but also to their sites/groups/teams backups. To cover such scenarios, Afi Backup provides an extended end-user self-service mode that includes site/group/team access for data export and recovery.
Note: Please contact firstname.lastname@example.org to enable this feature.
Extended self-service access is provisioned based on a SharePoint site collection administrator role. If a user is a SharePoint site collection administrator for a site, then they can access the corresponding backup of this site or of a group/team linked with this site when extended self-service access is enabled. SharePoint site collection administrators are configured in Advanced permission settings for a given SharePoint site.
For example, the screenshot below shows a case when a self-service user Adele Vance has access to several SharePoint group sites through self-service and can export or recover the data from these sites through the Afi portal:
Self-service access permissions to SharePoint and Groups/Teams backups are configured at the Service→ Settings→ Access groups tab as a part of Self Service access group configuration. The same permissions are applied both to a user's own mailbox backup and to their sites/groups/teams backups.
A list of SharePoint sites and Groups/Teams available to each self-service user is updated once per 24 hours during a periodic Afi resources synchronization with Microsoft 365. So if a user becomes a site collection administrator for a SharePoint (Group/Team) site or is stripped from a site collection administrator role then these changes will be reflected in the Afi portal during the next 24 hours. An out-of-schedule synchronization can be triggered by an Afi account administrator by clicking on the refresh icon in the top-right corner of the Service→ Protection screen.
When a site/group/team is deleted on Microsoft 365 side, it is still available through self-service for users who were site collection administrator of the corresponding SharePoint (Group/Team) site right before the deletion.