Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Web UI Administrator's Guide
  5. Section I. Managing security
  7. Managing role-based access control
  9. Role permissions

Role permissions

Role permissions define the operations that roles users have permission to perform.

Table: Role permissions for NetBackup RBAC

Category

Description

Global

Global permissions apply to all assets or objects. For example, in NetBackup 8.3, Jobs or Hosts permissions cannot be applied to specific jobs or hosts. A role with Jobs or Hosts permissions apply to all jobs or hosts.

  • NetBackup management

Configuration and management of NetBackup.

See Global > NetBackup management.

  • Protection

NetBackup backup policies and storage lifecyle policies.

See Global > Protection.

  • Security

NetBackup security settings.

See Global > Security.

  • Storage

Manage backup storage settings.

See Global > Storage.

Assets

Manage assets Cloud, Microsoft SQL Server, RHV, Universal shares, and VMware.

See Assets.

Note:

Assets can only be added when you create a role and cannot be added to an existing role.

Protection plans

Manage how backups are performed with protection plans.

See Protection plans.

Note:

Protection plans can only be added when you create a role and cannot be added an existing role.

Credentials

Manage credentials for Microsoft SQL Server and external KMS.

See Credentials.

Note:

Credentials can only be added when you create a role and cannot be added to an existing role.

Notes for using NetBackup RBAC

Note the following when you configure the permissions for RBAC roles:

  • RBAC only controls access to the web UI and not the NetBackup Administration Console.

  • When you create roles, be sure to enable the minimal number of permissions so the user can sign in to and use the web UI. Some individual permissions do not have a direct correlation with a screen in the web UI. Users that attempt to sign in but that only have a permission of this kind receive an "Unauthorized" message.

  • If a user is added to or removed from a role, the user must sign out and sign in again before the user's permissions are updated.

  • Most permissions are not implicit.

    In most cases a Create permission does not give a user View permission. A Recovery permission does not give a user View permission or other recovery options like Overwrite.

  • Not all RBAC-controlled operations can be used from the NetBackup web UI. (For example, NetBackup backup images can only be viewed and managed from the APIs or the NetBackup Administration Console.) These types of operations are included in RBAC so a role administrator can create roles for API users as well as web UI users.

  • Some tasks require a user to have permissions in multiple RBAC categories. For example, to establish a trust relationship with a remote master server, a user must have permissions for both Remote master servers and Trusted master servers.

Feedback

Was this page helpful?
Previous

Remove a user from a role

Next

Global > NetBackup management

Feedback

Was this page helpful?