NetBackup Access Management is used to define user groups, specify which actions each user group can perform, and assign users to those user groups. Each user group can perform only the actions explicitly granted and no others.
When Vault is installed and licensed, NetBackup includes a Vault Operator user group that has permission to perform the operator actions necessary for the Vault process.
Table: Vault Operator permission sets defaults lists the permissions that the Vault Operator user group has in NetBackup Access Management terminology.
Table: Vault Operator permission sets defaults
These permissions are granted only in the scope of actions performed in Vault. For example, the Vault Operator group has permission to update databases, but only to the extent allowed by Vault, such as when ejecting media changes volume group information for the volume ejected. As defined in the default permission sets, the Vault Operator cannot use the NetBackup Administration Console to change database information that is not related to the operate media actions.
If you use Access Management to administer access by using the default Vault Operator group, those permission sets and permissions apply regardless of whether the actions are initiated from the Vault Operator Menu or the NetBackup Administration Console.
A NetBackup Security Administrator (a user group defined within NetBackup Access Management) can use Access Management to add users to the Vault Operator group and change the permission sets and permissions of the Vault Operator group. A Security Administrator also can create new user groups to define new roles.
Because you can change which actions user groups can perform, the Vault documentation cannot specify which actions are or are not allowed by Access Management. If an action cannot be performed because of access management restrictions, NetBackup Administration Console messages will explain the restriction.
See "Access Management" in the NetBackup System Administrator's Guide, Volume II.