Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. Cohesity Alta SaaS Protection Administrator's Guide
  3. Install services and utilities
  4. Configuring service accounts for services and utilities
Cohesity Alta SaaS Protection Administrator's Guide

Configuring service accounts for services and utilities

Typically, there are two different account types used to configure each service,

  • A Windows domain or local computer account that you to be used to run this service.

  • An Azure account that has the appropriate access in Cohesity Alta SaaS Protection.

For ease of use, the following service accounts are created as part of the Cohesity Alta SaaS Protection provisioning process.

  • Connector service account

  • Retrieval service account

  • Full admin account

This information will be provided by the Cohesity Alta SaaS Protection support team during the post-provisioning call.

If you do not want to use the default service accounts, you can create your own accounts with the correct permissions as described in the Authorizations required for the service account table. If you create your own accounts, you could use the same account to run the service and connect to Cohesity Alta SaaS Protection.

Authorizations required for the service account in Cohesity Alta SaaS Protection

The service account must be authorized with the following permissions Cohesity Alta SaaS Protection:

Table: Authorizations required for the service account Cohesity Alta SaaS Protection

Services and utilities

Authorizations in Cohesity Alta SaaS Protection

Authorizations in the customer's domain

Connector service

  • API

  • Add Content.

  • Read permission.

  • Write Attributes permission.

Export service

  • API

  • API Impersonation

  • Access All Items

Retrieval service

  • API

  • API Impersonation

  • Access All Items

Export utility

For the administrator:

  • API

  • Access All Items

For the end user:

  • End-User Retrieval

  • End-User Portal

  • Export Utility

Apps Consent Grant utility

 

Global Administrator

Table: Authorizations required for the service accounts in Windows

Services and utilities

Windows Permissions when running the service

Connector service

  • Log on as a service permission

If running a Connector for File System Archiving:

  • Standard Read permissions

  • Write Attributes permission

    The Write Attributes permission is required as Cohesity Alta SaaS Protection suppresses updating the Last Accessed time.

  • Write permission is also required when using the .Hubstorinfo file, which is enabled by default.

Export service

  • Log on as a service permission

  • Modify permissions to the export locations

Retrieval service

  • Log on as a service permission

  • Full control permissions

To configure a service account for services and utilities

  1. Open a web browser and access the Administration portal.
  2. Click Administration.
  3. On the left, expand Permissions > Users and groups.
  4. Click Refine search.
  5. In the Refine search window, enter the user account, and then click Run search.
  6. Click Manage permissions.
  7. In the Manage permissions window, select the required permissions for the service account and then click Assign.

Feedback

Was this page helpful?
Previous

Installing or upgrading services and utilities

Next

About the Apps Consent Grant Utility

Feedback

Was this page helpful?