Self-service access to SharePoint and Microsoft 365 group/team backups¶
Afi Backup provides granular access management capabilities, including self-service access for the end-users to their backups. Self-service access can be enabled by Afi administrators on the Service → Settings → Access groups tab and, by default, grants users access to their own mailbox and drive backup.
When Microsoft 365 users actively collaborate in SharePoint sites and Microsoft 365 groups/teams, they might need access not only to their own backups, but also to their site/group/team backups. To cover such scenarios, Afi Backup provides an extended end-user self-service mode that includes site/group/team access for data export and recovery.
Extended self-service access is provisioned based on SharePoint site collection administrator roles. If a user is a SharePoint site collection administrator for a site, then they can access the corresponding backup of this site or of a group/team linked to this site when the extended self-service access is enabled. SharePoint site collection administrators are configured in the Advanced permission settings for a given SharePoint site.
For example, the screenshot below shows a case when the self-service user Adele Vance has access to several SharePoint group sites through self-service and can export or recover the data from these sites through the Afi portal:
Self-service access permissions to SharePoint and Groups/Teams backups are configured on the Service → Settings → Access groups tab as a part of the Self Service access group configuration. The same permissions are applied both to a user's own mailbox backup and to their sites/groups/teams backups.
A list of SharePoint sites and Groups/Teams available to each self-service user is updated once per 24 hours during periodic Afi resource synchronizations with Microsoft 365. So if a user becomes a site collection administrator for a SharePoint (Group/Team) site or is stripped from a site collection administrator role, then these changes will be reflected in the Afi portal during the next 24 hours. An out-of-schedule synchronization can be triggered by an Afi administrator by clicking on the refresh icon in the top-right corner of the Service → Protection screen.
When a site/group/team is deleted on the Microsoft 365 side, it is still available through self-service for users who were site collection administrator of the corresponding SharePoint (Group/Team) site right before its deletion.