ONTAP 9 Manuals ( CA08871-402 )

List of supported privileges

ONTAP has a predefined set of supported privileges. Certain predefined local groups have some of these privileges added to them by default. You can also add or remove privileges from the predefined groups or create new local users or groups and add privileges to the groups that you created or to existing domain users and groups.

The following table lists the supported privileges on the storage virtual machine (SVM) and provides a list of BUILTIN groups with assigned privileges:

Privilege name Default security setting Description

SeTcbPrivilege

None

Act as part of the operating system

SeBackupPrivilege

BUILTIN\Administrators, BUILTIN\Backup Operators

Back up files and directories, overriding any ACLs

SeRestorePrivilege

BUILTIN\Administrators, BUILTIN\Backup Operators

Restore files and directories, overriding any ACLs Set any valid user or group SID as the file owner

SeTakeOwnershipPrivilege

BUILTIN\Administrators

Take ownership of files or other objects

SeSecurityPrivilege

BUILTIN\Administrators

Manage auditing

This includes viewing, dumping, and clearing the security log.

SeChangeNotifyPrivilege

BUILTIN\Administrators, BUILTIN\Backup Operators, BUILTIN\Power Users, BUILTIN\Users, Everyone

Bypass traverse checking

Users with this privilege are not required to have traverse (x) permissions to traverse folders, symlinks, or junctions.

Top of Page