Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Security and Encryption Guide
  5. Section I. Identity and access management
  7. NetBackup Access Control Security (NBAC)
  9. About determining who can access NetBackup
  11. NetBackup default user groups
NetBackup™ Security and Encryption Guide

NetBackup default user groups

The users that are granted permissions in each of the default user groups relate directly to the group name. Essentially, an authorization object correlates to a node in the NetBackup Administration Console tree.

The following table describes each NetBackup default user group.

Table: NetBackup default user groups

Default user group

Description

Operator (NBU_Operator)

The main task of the NBU_Operator user group is to monitor jobs. For example, members of the NBU_Operator user group might monitor jobs and notify a NetBackup administrator if there is a problem. Then, the administrator can address the problem. Using the default permissions, a member of the NBU_Operator user group would probably not have enough access to address larger problems.

Members of the NBU_Operator user group have the permissions that allow them to perform tasks such as moving tapes, operating drives, and inventorying robots.

Administrator (NBU_Admin)

Members of the NBU_Admin user group have full permission to access, configure, and operate any NetBackup authorization object. Some exceptions exist for SAN Administrators. In other words, members have all of the capabilities that are currently available to administrators without Access Management in place. However, as members of this group, you do not necessary log on as root or administrator in the OS.

Note:

Members of the NBU_Admin user group cannot see the contents of Access Management, and therefore, cannot ascribe permissions to other user groups.

SAN Administrator (NBU_SAN Admin)

By default, members of the NBU_SAN Admin user group have full permissions to browse, read, operate, and configure disk pools and host properties. These permissions let you configure the SAN environment and NetBackup's interaction with it.

User (NBU_User)

The NBU_User user group is the default NetBackup user group with the fewest permissions. Members of the NBU_User user group can only back up, restore, and archive files on their local host. NBU_User user group members have access to the functionality of the NetBackup client interface (BAR).

Security administrator (NBU_Security Admin)

Usually very few members exist in the NBU_Security Admin user group.

The only permission that the Security Administrator has, by default, is to configure access control within Access Management. Configuring access control includes the following abilities:

  • To see the contents of Access Management in the NetBackup Administration Console

  • To create, modify, and delete users and user groups

  • To assign users to user groups

  • To assign permissions to user groups

Vault operator (Vault_Operator)

The Vault_Operator user group is the default user group that contains permissions to perform the operator actions necessary for the Vault process.

KMS Administrator (NBU_KMS Admin)

By default, members of the NBU_KMS Admin user group have full permissions to browse, read, operate and configure encryption key management properties. These permissions make sure that you can configure the KMS environment and NetBackup's interaction with it.

Additional user groups

The Security Administrator (member of NBU_Security Admin or equivalent) can create user groups as needed. The default user groups can be selected, changed, and saved. It is recommended that the groups be copied, renamed, and then saved to retain the default settings for future reference.

Feedback

Was this page helpful?
Previous

User groups

Next

Configuring user groups

Feedback

Was this page helpful?