About controlling access to Veritas System Recovery
You can use the Security Configuration Tool to grant the necessary permissions to access the agent, or the full Veritas System Recovery user interface.
When you use the Security Configuration Tool, any permission that you grant to the Users group applies to the members within that group.
Note: The agent service can only be run as LocalSystem or by a user who belongs to the Administrator's group.
The following table describes the permissions that can be allowed or denied for user and groups who use the Veritas System Recovery Agent.
Table: Permission options
| Option | Description |
|---|---|
| Full Control | Gives the user or the group complete access to all Veritas System Recovery functionality as if they are the administrator. If you do not want users to define, change, or delete backups, or to manage recovery point storage, do not give them Full Control. |
| Status Only | Users or groups can get status information, and can run a backup job. But they cannot define, change, or delete any backup jobs, or use any other function of the product. |
| Deny | Users cannot perform any function, or see any information. They are blocked from any access to Veritas System Recovery. |
A deny setting takes precedence over an inherited allow setting. For example, a user who is a member of two groups is denied permissions if the settings for one of the groups denies permissions. User-denied permissions override group-allow permissions.