Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. IT Analytics Help
  3. Section VII. Data Collector Installation and Configuration for Cohesity NetBackup
  4. Configure a Veritas NetBackup Data Collector Policy
  5. Create NetBackup Data Collector Role, Service Account, and API Key

Create NetBackup Data Collector Role, Service Account, and API Key

A Data Collector Service Account and API key is used while configuring the Cohesity NetBackup Data Collector policy. This must be configured to enable complete collection from NetBackup. Create a Data Collector Service Account and add an RBAC custom role in the NetBackup Web UI. This option of applying permissions to a custom role is applicable for NetBackup 9.0 and later. If you enter a non-root user, you must create a custom role in the NetBackup Web UI RBAC screen with the following permissions and attach the role to a service account.

Custom role

To create the custom role within the NetBackup Web UI:

  1. On the left, click Security > RBAC.
  2. Under the Roles tab, click Add.
  3. Select Custom role and click Next.
  4. Enter the Role Name and Role Description.
  5. Under Permissions, click Assign.
    • Select all the View  permissions for all the objects under  NetBackup Management,  Protection, and  Storage sections of the NetBackup web UI.

    • From the NetBackup Management  >  CLI Sessions section, enable  CLI Execute.

    • From the NetBackup Management  >  Malware  section, enable  View scan results.

    • From the  RBAC  >  (Edit RBAC customs role)  >  Global Permission  tab >  Security  > enable  View  permission for  Global Security Settings.

    • From the RBAC  >  (Edit RBAC customs role)  >  Global Permission tab >  Security  > enable View permission for Security Events.

  6. Select Users tab and Add to List service account to be associated with this role.
API key

Copy the API key generated with these steps for future use. It will be required while configuring the NetBackup Collection Policy.

To add an API key:

  1. Select Security > Access keys on the NetBackup Web UI.
  2. Enter the Username and Description.

    The service account associated with the API key and the Role, must be the same service account that is associated with the Veritas NetBackup Collection Policy in IT Analytics.

  3. Click ADD.

If you are configuring a Centralized Data Collector with SSH access to the NetBackup primary, then you must create a second user in addition to the account created in the steps above. This second user must be an OS user with an identical username, same as the account you just created. See the section Linux Centralized Data Collector: SSH for instructions on how to create the second account.

See Linux Centralized Data Collector: SSH.

Feedback

Was this page helpful?
Previous

Prerequisites for collection from Cohesity NetBackup deployed on Kubernetes clusters

Next

Add a Veritas NetBackup Data Collector policy

Feedback

Was this page helpful?