Assets
Assets permissions include permissions for the following workloads:
See Cloud assets.
See Microsoft SQL Server assets.
See RHV assets.
See Universal shares.
See VMware assets.
Permissions for cloud assets allow users to view, protect, and restore in-cloud workload assets using CloudPoint.
Table: Permissions for cloud assets
Operation | Description | Additional required operations |
|---|---|---|
View | View cloud assets. | |
Manage access | See Manage access. | View |
Granular restore | Restore individual files or folders from a cloud asset. | View |
Protect | Add Cloud assets to a protection plan. | View |
Restore to alternate location | Restore to an alternate location. This permission is required on the source asset. | View On the target asset: Allow restore to overwrite On the target location: View restore targets |
View restore targets | View the available destinations to which to restore an asset. This permission is required on the target asset. | View |
Restore to original location | Restore the cloud asset to its original location. | View On the target location: View restore targets If the original VM exists: Allow restore to overwrite |
Allow restore to overwrite | Overwrite an asset if it exists. | View On the target location: View restore targets |
Update configuration | Connect to or disconnect from a virtual machine. Add, update, or remove a cloud configuration. Edit VM credentials. Generate a token from CloudPoint to establish communication with the agent on the host. | View |
Permissions for Microsoft SQL Server assets allow users to view, protect, and restore SQL Server assets using the NetBackup for SQL Server agent.
Note:
To perform discovery, backups, and restores, valid credentials must exist for an availability group or an instance.
Table: Permissions for SQL Server assets
Operation | Description | Additional required operations |
|---|---|---|
View | View availability groups, instances, and databases. | |
Create | Manually add instances. | View |
Update | Update asset details. Add or update credentials for availability replicas or instances. | View |
Delete | Delete availability replicas or instances. | View |
Manage access | See Manage access. | View |
Restore to alternate location | Restore a database to an alternate server. This permission is required for all SQL Server "MOVE" operations. | View Restore |
Discover availability groups | Manually discover availability groups. To perform discovery, valid credentials must be added to one of the availability group replicas. | View |
Discover databases | Manually discover databases. To perform discovery, valid credentials must be added to the instance. | View |
Instant access | Create an instant access database. | View Restore |
Allow restore to overwrite | Overwrite a SQL Server database if it exists. | View Restore |
Protect | Add SQL Server assets to or remove them from protection plans. | View |
Restore | Restore databases to the original location, a different database, or a different instance. | View |
Validate credentials | Validate credentials when they are added (assigned) to an instance or a replica. This permission is required on the asset. | On the asset these additional permissions are needed: View Update
On the credential the following permissions are needed: Credentials > View Credentials > Assign credentials |
Permissions for RHV assets allow users to view, protect, and restore RHV assets.
Table: Permissions for RHV assets
Operation | Description | Additional required operations |
|---|---|---|
View | View configured RHV managers and RHV assets. | |
View VM intelligent groups. | On the RHV manager that corresponds to the VM group: View | |
Create | Add RHV managers. | View |
Add VM intelligent groups. | View | |
On the RHV manager that corresponds to the VM group: View | ||
Update | Update asset details. Update VM intelligent group contents. Validate credentials | View |
Update VM intelligent groups. | View | |
On the RHV manager that corresponds to the VM group: View | ||
Delete | Delete RHV managers. | View |
Delete VM intelligent groups. | View | |
On the RHV manager that corresponds to the VM group: View | ||
Manage access | See Manage access. | View |
Protect | Add VMs to or remove them from a protection plan. | View |
Add VM intelligent groups to or remove them from protection plans. | On the RHV manager that corresponds to the VM group: View Protect | |
Restore | Restore to original or to an alternate location. | View Global > NetBackup management > NetBackup backup images > View |
On the target location: View restore targets Global > NetBackup management > Access hosts > View | ||
View restore targets | View the available destinations to which to restore an asset. | View |
Allow restore to overwrite | Overwrite an asset if it exists. | View Restore |
Note:
In NetBackup 8.3 and 9.0, the ability to restore from universal share backups is only available from the NetBackup CLI or the Backup, Archive, and Restore interface. Instant access recovery is only available through the NetBackup APIs.
Permissions for universal share assets allow users to view and create instant access mounts from universal share backups images. Permissions to create and manage universal shares are in .
See Global > Storage.
Table: Permissions for universal shares
Operation | Description |
|---|---|
Instant access | View and create instant access mount points on a universal share. Restore from a universal share. Note: When you create a role you can choose whether or not to apply permissions for universal share assets to all and to future universal share assets. If the option is enabled, a role has access to all mount points. Access cannot be provided for individual mount points. Users with this permission can also view the storage server that is associated with the universal share. |
Manage access | See Manage access. |
Permissions for VMware assets allow users to view, protect, and restore VMware assets.
Table: RBAC permissions for VMware assets
Operation | Description | Additional required operations |
|---|---|---|
View | View VMs, vCenter servers, and ESX hosts. | |
View VM intelligent groups. | On the vCenter that corresponds to the VM group: View | |
Create | Add ESX hosts or vCenter hosts. Validate credentials. | View |
Add VM intelligent groups. | View | |
On the vCenter that corresponds to the VM group: View | ||
Update | Update ESX hosts or vCenter hosts and their credentials. Validate credentials. | View |
Update VM intelligent groups. | View | |
On the vCenter that corresponds to the VM group: View | ||
Delete | Delete ESX hosts or vCenter hosts. | View |
Delete VM intelligent groups. | View | |
On the vCenter that corresponds to the VM group: View | ||
Manage access | See Manage access. | View |
Restore to cloud | Restore a VM to the cloud. | View |
Granular restore | Restore individual files or folders from a VM. This permission is required on the source and the target VM. | View Global > NetBackup management > NetBackup backup images > View Global > NetBackup management > NetBackup backup images > View contents |
Instant access - Download files | Download individual files using instant access technology. | View Global > NetBackup management > NetBackup backup images > View |
Instant access - Restore files | Restore individual files using instant access technology. | View Global > NetBackup management > NetBackup backup images > View Global > NetBackup management > NetBackup backup images > View contents |
Instant access | Create an instant access VM. | View Global > NetBackup management > NetBackup backup images > View |
Protect | Add VMware assets to or remove them from protection plans. | View |
Add VMware intelligent groups to or remove them from protection plans. | On the vCenter that corresponds to the VM group: View Protect | |
Restore | Restore to the original or to an alternate location. | View Global > NetBackup management > NetBackup backup images > View Global > NetBackup management > Access hosts > View |
On the target location: View restore targets | ||
View restore targets | View the available destinations to which to restore an asset. | View |
Allow restore to overwrite | Allow a restore to overwrite an existing asset. Without this permission a user must restore an existing asset to a different location. | View Restore |