Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Security and Encryption Guide
  3. Section I. Identity and access management
  4. NetBackup Access Control Security (NBAC)
  5. Viewing specific user permissions for NetBackup user groups
  6. Service authorization object permissions
NetBackup™ Security and Encryption Guide

Service authorization object permissions

The following table shows the permissions that are associated with the Service authorization object.

Table: Service authorization object permissions

Set

Activity

NBU_Operator

NBU_Admin

NBU_SAN Admin

NBU_User

NBU_Security Admin

Vault_Operator

NBU_KMS Admin

Browse

Browse

X

X

---

---

---

X

---

Read

Read

X

X

---

---

---

X

---

Operate

Stop

X

X

---

---

---

---

---

The Read and Browse permissions do not have an effect on the Daemons tab. This information is harvested from the server using user level calls. The calls are used to access the process task list and is displayed to all users for informational purposes.

If a user is not a member of the NBU_Admin user group, but is logged on as an OS administrator (Administrator or root), then:

  • The user is able to restart a service from within the NetBackup Administration Console or from the command line.

  • The user is able to stop a service from within the NetBackup Administration Console but not from the command line.

If a user is not a member of the NBU_Admin user group, but is logged on as an OS administrator (root). That user is able to restart a daemon from the command line only:

    /etc/init.d/netbackup start

If a user is a member of the NBU_Admin user group, but is not logged on as an OS administrator (Administrator), then:

  • The user is not able to restart a service from within the NetBackup Administration Console or from the command line.

  • The user is not able to stop a service from within the NetBackup Administration Console but the user can use the command line.

    (For example, bprdreq -terminate, bpdbm -terminate, or stopltid.)

If a user is a member of the NBU_Admin user group, but is not logged on as an OS administrator (root). That user is not able to restart a daemon from the NetBackup Administration Console or from the command line.

Feedback

Was this page helpful?
Previous

Job authorization object permissions

Next

HostProperties authorization object permissions

Feedback

Was this page helpful?