Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ for VMware Administrator's Guide
  3. Configuring RBAC roles for VMware administrators
  4. RBAC roles for the VMware administrator
NetBackup™ for VMware Administrator's Guide

RBAC roles for the VMware administrator

NetBackup enables control over which users can access which VMware resources using Role Based Access Control (RBAC). You can grant RBAC access globally (to all VMware assets), at the individual VMware server level, or based on specific objects in the VMware object hierarchies.

The Default VMware Administrator role has access to all VMware assets (global). With this role the administrator can also manage credentials for a vCenter, ESX server, etc. (These credentials are managed on the VMware servers tab in Workloads > VMware.)

In addition, you may need other custom roles to give additional access to your VMware administrators.

  • A role that gives a VMware administrator access to a guest VM credential. This way, the user can perform an agentless files and folder recovery to the guest VM without having the VM's username and password.

    See Provide access to a credential for agentless single file recovery to a guest VM.

  • A role that is restricted to a single datacenter in a vCenter.

    See Create a custom role for a VMware server or datacenter.

  • A role to manage an Organization VDC (OrgVDC).

    See Create a custom role for an Organization VDC administrator.

  • A role that is restricted to an individual VM or VMs.

    See Create a custom role to manage specific VMs.

Note the following:

  • To create an RBAC role, you must have the RBAC Administrator role or the permissions to create roles.

  • To create a credential, you must have the RBAC Administrator role or a role that has permissions to create credentials. The Default VMware Administrator role can assign a credential to a user, but cannot create a credential in credential management.

  • Contact your NetBackup administrator for assistance with creating roles and credentials.

  • An RBAC role can be configured with access only on a vCloud Director server or on objects in the vCloud Director hierarchy. Users with this role are not able to see jobs in the Activity monitor.

Feedback

Was this page helpful?
Previous

Configuring RBAC roles for VMware administrators

Next

Assigning permissions at specific VMware object levels

Feedback

Was this page helpful?