Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Web UI Administrator's Guide
  5. Section IX. Managing security
  7. Managing role-based access control (RBAC)
  9. Add a custom RBAC role
NetBackup™ Web UI Administrator's Guide

Add a custom RBAC role

Create a custom RBAC role if you want to manually define the permissions and the access that users have to workload assets, policies, protection plans, or credentials.

See Notes for using NetBackup RBAC.

See Role permissions.

Note:

Cohesity reserves the right to update the RBAC permissions for default roles in future releases. Any revised permissions are automatically applied to users of these roles when NetBackup is upgraded. Any copies of default roles (or any custom roles that are based on default roles) are not automatically updated.

To add a custom RBAC role

  1. On the left, select Security > RBAC.
  2. Select Add.
  3. Select the type of role that you want to create.

    You can make a copy of a default role that contains all the preconfigured permissions and settings for that type of role. Or, select Custom role to manually configure all the permissions for a role.

  4. Provide a Role name and a description.

    For example, you may want to indicate that the role is for any users that are backup administrators for a particular department or region.

  5. Under Permissions, select Edit or Assign.

    If you selected a default role type, certain permissions are enabled only if they are required for that type of role. (For example, the Default Multiperson Authorization (MPA) Approver does not require policy permissions. The Default Microsoft SQL Server Administrator requires credentials.)

    The permissions that you select in the Permissions card determine the other settings that you can configure for the role.

    When you select Asset permissions:

    The Workloads card is enabled.

    When you select Protection permissions for policies or protection plans:

    The Protection card is enabled.

    When you select Credentials permissions:

    The Credentials card is enabled.

  6. Under Protection, you can select the policies and protection plans that users can manage with this role. For policies, you can apply permissions to all policies, policies of one or more specific types, and specific policies.

  7. Under Users, select the Assign. Then select the users you want to add to the role.
  8. When you are done configuring the role, select Save.

    Note: After a role is created, you must edit permissions for assets, policies, protection plans, or credentials directly from the applicable node in the web UI. For example, to edit permissions for all VMware assets, go to Workloads > VMware and then select VMware settings > Manage permissions. Or, select a VM and select Manage permissions.

  9. Users that were assigned to the role must sign out and sign in again before each user's permissions are updated.

Feedback

Was this page helpful?
Previous

Default RBAC roles

Next

Edit a custom role

Feedback

Was this page helpful?