Add a custom RBAC role
Create a custom RBAC role if you want to manually define the permissions and the access that users have to workload assets, policies, protection plans, or credentials.
See Notes for using NetBackup RBAC.
See Role permissions.
Note:
Cohesity reserves the right to update the RBAC permissions for default roles in future releases. Any revised permissions are automatically applied to users of these roles when NetBackup is upgraded. Any copies of default roles (or any custom roles that are based on default roles) are not automatically updated.
To add a custom RBAC role
- On the left, select Security > RBAC.
- Select Add.
- Select the type of role that you want to create.
You can make a copy of a default role that contains all the preconfigured permissions and settings for that type of role. Or, select Custom role to manually configure all the permissions for a role.
- Provide a Role name and a description.
For example, you may want to indicate that the role is for any users that are backup administrators for a particular department or region.
- Under Permissions, select Edit or Assign.
If you selected a default role type, certain permissions are enabled only if they are required for that type of role. (For example, the Default Multiperson Authorization (MPA) Approver does not require policy permissions. The Default Microsoft SQL Server Administrator requires credentials.)
The permissions that you select in the Permissions card determine the other settings that you can configure for the role.
When you select Asset permissions:
The Workloads card is enabled.
When you select Protection permissions for policies or protection plans:
The Protection card is enabled.
When you select Credentials permissions:
The Credentials card is enabled.
Under Protection, you can select the policies and protection plans that users can manage with this role. For policies, you can apply permissions to all policies, policies of one or more specific types, and specific policies.
- Under Users, select the Assign. Then select the users you want to add to the role.
- When you are done configuring the role, select Save.
Note: After a role is created, you must edit permissions for assets, policies, protection plans, or credentials directly from the applicable node in the web UI. For example, to edit permissions for all VMware assets, go to Workloads > VMware and then select VMware settings > Manage permissions. Or, select a VM and select Manage permissions.
- Users that were assigned to the role must sign out and sign in again before each user's permissions are updated.