Default RBAC roles
The NetBackup web UI provides the following default RBAC roles with preconfigured permissions and settings.
Table: Default RBAC roles in the NetBackup web UI
Role name | Description |
|---|---|
Administrator | The Administrator role has full permissions for NetBackup and can manage all aspects of NetBackup. |
Default AHV Administrator | This role has all the permissions that are necessary to manage Nutanix Acropolis Hypervisor and to back up those assets with protection plans. |
Default Apache Cassandra Administrator | This role has all the permissions that are necessary to manage and protect Apache Cassandra assets with protection plans. |
Default Cloud Administrator | This role has all the permissions that are necessary to manage cloud assets and to back up those assets with protection plans. Note that a PaaS administrator requires some additional permissions that you can add to a custom role. Cloud administrators also need additional permissions to manage cloud and PaaS assets using intelligent groups. |
Default Cloud Object Store Administrator | This role has all the permissions to manage the protection for cloud objects using classic policies. |
Default DB2 Administrator | This role provides the ability to view and restore DB2 backups with the nbdb2adutl command. The administrator can also view and manage DB2 jobs. |
Default IRE SLP Administrator | Manages IRE (Isolated Recovery Environment) SLP (Storage lifecycle policies) functionalities. |
Default Kubernetes Administrator | This role has all the permissions that are necessary to manage Kubernetes and to back up those assets with protection plans. The permissions for this role give a user the ability to view and manage jobs for Kubernetes assets. To view all jobs for this asset type, a user must have the default role for that workload. Or, a similar custom role must have the following option applied when the role is created: . |
Default KVM Administrator | This role has all the permissions that are necessary to manage KVM and to back up those assets. The administrator can also view and manage KVM jobs. |
Default Microsoft Sentinel Administrator | This role has all the permissions necessary to add Microsoft Sentinel credentials in NetBackup and to send NetBackup audit events to Microsoft Sentinel. |
Default Microsoft SQL Server Administrator | This role has all the permissions that are necessary to manage SQL Server databases and to back up those assets with protection plans. In addition to this role, the NetBackup user must meet the following requirements:
|
Default MongoDB Ops Manager | This role has all the permissions that are necessary to manage and protect assets in MongoDB Ops Manager with protection plan. |
Default MultiPerson Authorization (MPA) Approver | This role has permissions to manage MPA tickets. |
Default MySQL Administrator | This role has all the permissions that are necessary to manage MySQL instances and databases and to back up those assets with protection plans. |
Default NAS Administrator | This role has all the permissions that are necessary to perform the backup and restore of NAS volumes using a policy. To view all jobs for the backups and restores of a NAS volume, a user must have this role. Or, the user must have a custom role with same permissions applied when the role was created. |
Default NetBackup Command Line (CLI) Administrator | This role has all the permissions that are necessary to manage NetBackup using the NetBackup command line (CLI). With this role a user can run most of the NetBackup commands with a non-root account. A user that has only this role cannot sign into the web UI. |
Default Oracle Administrator | This role has all the permissions that are necessary to manage Oracle databases and to back up those assets with protection plans. |
Default PostgreSQL Administrator | This role has all the permissions that are necessary to manage PostgreSQL instances and databases and to back up those assets with protection plans. |
Default Resiliency Administrator | This role has all the permissions to protect the Veritas Resiliency Platform (VRP) for VMware assets. |
Default RHV Administrator | This role has all the permissions that are necessary to manage Red Hat Virtualization computers and to back up those assets with protection plans. This role gives a user the ability to view and manage jobs for RHV assets. To view all jobs for RHV assets, a user must have this role. Or, the user must have a similar custom role with following option applied when the role was created: . |
Default SaaS Administrator | This role has all the permissions to view and manage SaaS assets. |
Default Security Administrator | This role has permissions to manage NetBackup security including role-based access control (RBAC), certificates, hosts, identity providers and domains, global security settings, and other permissions. This role can also view settings and assets in most areas of NetBackup: workloads, storage, licensing, and other areas. |
Default Storage Administrator | This role has permissions to configure disk-based storage and storage lifecycle policies. SLP settings are managed with the Administrator role. Note: A user that is assigned with this role also has access permissions to Tape vault in Vault management. |
Default Universal Share Administrator | This role has the permissions to manage policies and storage servers. It can also manage the assets for filesystem clients (MS-Windows and Standard policies) and for universal shares. |
Default VMware Administrator | This role has all the permissions that are necessary to manage VMware virtual machines and to back up those assets with protection plans. To view all jobs for VMware assets, a user must have this role. Or, the user must have a similar custom role with following option applied when the role was created: . |
NetBackup Read-Only Operator | This role provides the read-only permissions to the IT Analytics Operator, Multiperson Authorization Approver, and other operators in NetBackup, with no permissions for security. |
Note:
Cohesity reserves the right to update the RBAC permissions for default roles in future releases. Any revised permissions are automatically applied to users of these roles when NetBackup is upgraded. If you have copies of default roles these roles are not updated automatically. (Or, if you have any custom roles that are based on default roles.) If you want these custom roles to include changes to default roles, you must manually apply the changes or recreate the custom roles.