Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Web UI Administrator's Guide
  5. Section IX. Managing security
  7. Managing role-based access control (RBAC)
  9. Default RBAC roles
NetBackup™ Web UI Administrator's Guide

Default RBAC roles

The NetBackup web UI provides the following default RBAC roles with preconfigured permissions and settings.

Table: Default RBAC roles in the NetBackup web UI

Role name

Description

Administrator

The Administrator role has full permissions for NetBackup and can manage all aspects of NetBackup.

Default AHV Administrator

This role has all the permissions that are necessary to manage Nutanix Acropolis Hypervisor and to back up those assets with protection plans.

Default Apache Cassandra Administrator

This role has all the permissions that are necessary to manage and protect Apache Cassandra assets with protection plans.

Default Cloud Administrator

This role has all the permissions that are necessary to manage cloud assets and to back up those assets with protection plans.

Note that a PaaS administrator requires some additional permissions that you can add to a custom role.

Cloud administrators also need additional permissions to manage cloud and PaaS assets using intelligent groups.

See Add a custom RBAC role for a PaaS administrator.

Default Cloud Object Store Administrator

This role has all the permissions to manage the protection for cloud objects using classic policies.

Default DB2 Administrator

This role provides the ability to view and restore DB2 backups with the nbdb2adutl command. The administrator can also view and manage DB2 jobs.

Default IRE SLP Administrator

Manages IRE (Isolated Recovery Environment) SLP (Storage lifecycle policies) functionalities.

Default Kubernetes Administrator

This role has all the permissions that are necessary to manage Kubernetes and to back up those assets with protection plans. The permissions for this role give a user the ability to view and manage jobs for Kubernetes assets. To view all jobs for this asset type, a user must have the default role for that workload. Or, a similar custom role must have the following option applied when the role is created: Apply selected permissions to all existing and future workload assets.

Default KVM Administrator

This role has all the permissions that are necessary to manage KVM and to back up those assets. The administrator can also view and manage KVM jobs.

Default Microsoft Sentinel Administrator

This role has all the permissions necessary to add Microsoft Sentinel credentials in NetBackup and to send NetBackup audit events to Microsoft Sentinel.

Default Microsoft SQL Server Administrator

This role has all the permissions that are necessary to manage SQL Server databases and to back up those assets with protection plans. In addition to this role, the NetBackup user must meet the following requirements:

  • Member of the Windows administrator group.

  • Have the SQL Server "sysadmin" role.

Default MongoDB Ops Manager

This role has all the permissions that are necessary to manage and protect assets in MongoDB Ops Manager with protection plan.

Default MultiPerson Authorization (MPA) Approver

This role has permissions to manage MPA tickets.

Default MySQL Administrator

This role has all the permissions that are necessary to manage MySQL instances and databases and to back up those assets with protection plans.

Default NAS Administrator

This role has all the permissions that are necessary to perform the backup and restore of NAS volumes using a NAS-Data-Protection policy. To view all jobs for the backups and restores of a NAS volume, a user must have this role. Or, the user must have a custom role with same permissions applied when the role was created.

Default NetBackup Command Line (CLI) Administrator

This role has all the permissions that are necessary to manage NetBackup using the NetBackup command line (CLI). With this role a user can run most of the NetBackup commands with a non-root account.

Note: A user that has only this role cannot sign into the web UI.

Default Oracle Administrator

This role has all the permissions that are necessary to manage Oracle databases and to back up those assets with protection plans.

Default PostgreSQL Administrator

This role has all the permissions that are necessary to manage PostgreSQL instances and databases and to back up those assets with protection plans.

Default Resiliency Administrator

This role has all the permissions to protect the Veritas Resiliency Platform (VRP) for VMware assets.

Default RHV Administrator

This role has all the permissions that are necessary to manage Red Hat Virtualization computers and to back up those assets with protection plans. This role gives a user the ability to view and manage jobs for RHV assets.

To view all jobs for RHV assets, a user must have this role. Or, the user must have a similar custom role with following option applied when the role was created: Apply selected permissions to all existing and future RHV assets.

Default SaaS Administrator

This role has all the permissions to view and manage SaaS assets.

Default Security Administrator

This role has permissions to manage NetBackup security including role-based access control (RBAC), certificates, hosts, identity providers and domains, global security settings, and other permissions. This role can also view settings and assets in most areas of NetBackup: workloads, storage, licensing, and other areas.

Default Storage Administrator

This role has permissions to configure disk-based storage and storage lifecycle policies. SLP settings are managed with the Administrator role.

Note:

A user that is assigned with this role also has access permissions to Tape vault in Vault management.

Default Universal Share Administrator

This role has the permissions to manage policies and storage servers. It can also manage the assets for filesystem clients (MS-Windows and Standard policies) and for universal shares.

Default VMware Administrator

This role has all the permissions that are necessary to manage VMware virtual machines and to back up those assets with protection plans. To view all jobs for VMware assets, a user must have this role. Or, the user must have a similar custom role with following option applied when the role was created: Apply selected permissions to all existing and future VMware assets.

NetBackup Read-Only Operator

This role provides the read-only permissions to the IT Analytics Operator, Multiperson Authorization Approver, and other operators in NetBackup, with no permissions for security.

Note:

Cohesity reserves the right to update the RBAC permissions for default roles in future releases. Any revised permissions are automatically applied to users of these roles when NetBackup is upgraded. If you have copies of default roles these roles are not updated automatically. (Or, if you have any custom roles that are based on default roles.) If you want these custom roles to include changes to default roles, you must manually apply the changes or recreate the custom roles.

Feedback

Was this page helpful?
Previous

Remove a user from a role

Next

Add a custom RBAC role

Feedback

Was this page helpful?