Configuring role-based access settings

Last published : Apr 02, 2026
Backup Exec provides the ability to configure role-based access control (RBAC) and gives additional security by controlling the level of access to the Backup Exec console. Use RBAC to assign roles for the Windows users.
By default, role-based access is disabled and can be enabled by providing Owner of System Logon Account credentials. The Owner of the System Logon Account by default has an administrator role and cannot be modified or removed. You must have an administrator role or be Owner of a System Logon Account to be able to manage users within RBAC.
After role-based access control is enabled, only users that are added in the list can log on to Backup Exec or perform operations in BEMCLI.
To configure role-based access settings
  1. Click the Backup Exec button, select Configuration and Settings, and then selectRole-Based Access Settings.
The role-based access control feature is disabled by default.
  1. Click Enable and enter the Owner of System Logon Account credentials to enable the feature.
After the credentials are verified, the Owner of System Logon Account has the administrator role. The role cannot be modified or removed.
To disable role-based access control, click Disable, enter the Owner of System Logon Account credentials and then clickOK.
  1. Do any of the following:
    • Click Add to add a new user in the role-based access control list.
The user is displayed in the Role-Based Access dialog box along with the roles assigned to each user.
  • Select a user and click Edit to update the roles.
  • Select a user and click Remove to delete the user from the role-based access control list.
  • Select a user and click Detailsto view additional information about the user and then clickOK.
  • Select a user to view the roles that are assigned.
Use the Roles section to update the roles.
For more information about the roles and their details, refer to the following section:
See RBAC role details.
Add a new user in the role-based access control list
You can add new users in the role-based access control list.
To add a new user in the role-based access control list
  1. On the Role-Based Access dialog box, click Add.
  2. On the Add New User dialog box, enter the name of a new user account to be added to the role-based access control list.
  3. Click Verify to authenticate the user.
    Note: The user that you add must be part of the local Windows administrator group.
  4. Select the Connect to the target domain or machine check box if the new user account for role-based access cannot be verified or if the user is part of a different domain or computer.
  5. Enter the administrator credentials to connect to the target domain or computer and retrieve the user account details.
  6. Click Verify to authenticate the user.
After the verification is completed, Windows Group displays the group that the user is part of.
  1. Select the roles that you want to assign to the user.
You can also assign multiple roles to the same user.
The following roles can be assigned to a user:
  • Administrator-Storage Administrator-Backup and Restore-View Only
For more information about the roles and their details, refer to the following section:
See RBAC role details.
  1. Click Add.
The user is added and displayed in the Role-Based Access dialog box.
Edit a role in the role-based access control list
You can edit the roles of a user in the role-based access control list.
To edit a role in the role-based access control list
  1. On the Role-Based Access dialog box, select a user and click Edit.
  2. In the Roles section, select or remove any roles.
  3. Click Save.
The roles for a user are updated.