Search <book_title>...

Veritas NetBackup™ Security and Encryption Guide

Last Published: 2021-01-01

Product(s): NetBackup (9.0.0.1, 9.0)

Default RBAC roles

The NetBackup web UI provides several default RBAC roles with preconfigured permissions and settings.

Note:

Veritas reserves the right to update the RBAC permissions for default roles in future releases. Any revised permissions are automatically applied to users of these roles when NetBackup is upgraded. If you have copies of default roles (or any custom roles that are based on default roles), these roles are not updated automatically. If you want these custom roles to include changes to default roles, you must manually apply the changes or recreate the custom roles.

Administrator

The Administrator role has full permissions for NetBackup and can manage all aspects of NetBackup, including security, storage, protection plans, policies, jobs, and credentials.

Default Cloud Administrator

This role has all the permissions that are necessary to manage cloud assets and to back up those assets with protection plans.

Table: RBAC permissions for Default Cloud Administrator role

Type	Permissions
Global permissions > NetBackup management
NetBackup backup images	View Contents, View
Jobs	View
Media server	View
Trusted master servers	View
Snapshot management server plug-ins	View, Create, Update, Manage access
Snapshot management servers	Full permissions
Global permissions > Storage
Storage units	View
Replication-capable target storage servers	View
Workloads
Cloud assets	Full permissions
Protection plans
	Full permissions

Default Microsoft SQL Server Administrator

This role has all the permissions that are necessary to manage SQL Server databases and to back up those assets with protection plans. In addition to this role, the NetBackup user must meet the following requirements:

Member of the Windows administrator group.
Have the SQL Server "sysadmin" role.

Table: RBAC permissions for Default Microsoft SQL Server Administrator role

Type	Permissions
Global permissions > NetBackup management
Jobs	View
Trusted master servers	View
Global permissions > Storage
Storage units	View
Replication-capable target storage servers	View
Workloads
SQL Server assets	Full permissions
Protection plans
	Full permissions
Credentials
	Full permissions

Default Resiliency Administrator

This role has all the permissions to protect Veritas Resiliency Platform (VRP) for VMware assets.

Table: RBAC permissions for Default Resiliency Administrator role

Type	Permissions
Global permissions > NetBackup management
Resiliency domain	Full permissions
Credentials
	Full permissions

Default RHV Administrator

This role has all the permissions that are necessary to manage Red Hat Virtualization machines and to back up those assets with protection plans.

Table: RBAC permissions for Default RHV Administrator role

Type	Permissions
Global permissions > NetBackup management
Access hosts	View, Create, Delete
Hosts	Update, View
Jobs	View
Resource limits	View, Create, Update, Delete
Trusted master servers	View
Global permissions > Storage
Storage units	View
Replication-capable target storage servers	View
Workloads
RHV assets	Full permissions
Protection plans
	Full permissions

Default Security Administrator

This role has permissions to manage NetBackup security including role-based access control (RBAC), certificates, hosts, identity providers and domains, global security settings, and other permissions. This role can also view settings and assets in most areas of NetBackup, including workloads, storage, licensing, and other areas.

Table: RBAC permissions for Default Security Administrator role

Type	Permissions
Global permissions > NetBackup management
Access hosts	View, Manage access
Data classifications	View, Manage access
Credentials	View, Manage access
Email notifications	View, Manage access
Event logs: Messages, Notifications	View, Manage access
NetBackup hosts	Full permissions
Image sharing: Amazon Machine Image (AMI) Cloud images, Cloud VM IDs	View, Manage access
NetBackup backup images	View, Manage access
Jobs	View, Manage access
Licensing	View, Manage access
Media server	Full permissions
Remote master server certificate authority	Full permissions
Resiliency domain	View, Manage access
Resource limits	View, Manage access
Retention levels	View, Manage access
Trusted master servers	Full permissions
Cloud providers	View, Manage access
Cloud providers: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP)	View, Manage access
CloudPoint servers	View, Manage access
WebSocket servers	View, Manage access
Global permissions > Protection
Policies	View, Manage access
Storage lifecycle policies (SLPs)	View, Manage access
Global permissions > Security
Security events	View, Manage access
Certificate management: Certificate authorities, ECA, NetBackup certificates, Tokens	Full permissions
Disaster recovery passphrase	Full permissions
Identity provider configuration	Full permissions
Key Management Services	Full permissions
Passphrase constraints	Update (Full permissions)
Global security settings	Full permissions
Trust versions	View, Manage access
User sessions and authentication: API keys, User certificates, User sessions	Full permissions
Global permissions > Storage
Cloud storage, Disk pools, Storage Key Management Services, Storage servers, Disk volumes, Storage units	View, Manage access
Tape media: Tape media server groups, Tape media volume pools	View, Manage access
Replication-capable target storage servers	View, Manage access
Workloads
Cloud, SQL Server, RHV, VMware	View, Manage access
Protection plans
View, Manage access
Credentials
View, Manage access

Default Storage Administrator

This role has permissions to configure and manages disk-based storage and cloud storage.

Table: RBAC permissions for Default Storage Administrator role

Type	Permissions
Global permissions > NetBackup management
Media server	View
Remote master server certificate authority	View
Trusted master servers	View, Create, Update, Delete
Global permissions > Security
NetBackup security tokens	View, Create
Key Management Services	View, View key details
Global permissions > Storage
Cloud storage	View
Disk pools	View, Create, Update, Delete
Storage servers	View, Create, Update, Delete
Disk volumes	View, Create, Update
Storage units	View, Create, Update, Delete
Replication-capable target storage servers	View

Default VMware Administrator

This role has all the permissions that are necessary to manage VMware virtual machines and to back up those assets with protection plans.

Table: RBAC permissions for Default VMware Administrator role

Type	Permissions
Global permissions > NetBackup management
Access hosts	View, Create, Delete
Hosts	View, Update
Host properties	View, Create, Update
NetBackup images	View, View contents
Jobs	View
Resource limits	View, Create, Update, Delete
Trusted master servers	View
Global permissions > Storage
Storage units	View
Replication-capable target storage servers	View
Workloads
VMware assets	Full permissions
Protection plans
Full permissions