| • | Administrator: This role allows the user to administer NetVault and perform all functions in NetVault. | 
| • | Backup Administrator: This role allows the user to administer backup and restore jobs and perform device- and media-related functions. | 
| • | Backup Operator: This role allows the user to run and manage backup jobs. This role also allows the user to administer restore jobs. | 
| • | Helpdesk: This role allows the user to perform restore jobs. | 
| • | Media Operator: This role allows the user to perform device- and media-related functions. | 
| • | Monitor: This role allows the user to monitor clients, devices, jobs, and storage media. | 
The following table lists the privileges included in the predefined Presets.
NetVault installed on a Windows or Linux machine can communicate with Microsoft Active Directory (AD). Additionally, NetVault installed on a Linux machine can communicate with OpenLDAP Directory Services and Samba Active Directory. Integrating AD with NetVault enables role-based access control in NetVault. It lets users log in to NetVault using their AD credentials. It also lets AD users manage NetVault users.
| • | Host name of the Linux machine should be set to its FQDN. (For example, mymachine.mydomain.com) | 
| • | Samba Winbind: Under the [global] section, smb.conf must have the following entry: | 
| • | SSSD: under the [domain/<domain name>] section, sssd.conf must have the following entry: | 
| • | Samba Winbind: Under the [global] section, smb.conf must have the following entry: | 
| • | SSSD: Under the [domain/<domain name>], to retrieve domain controller groups and to fetch groups from child and trusted domains, respectively, the sssd.conf must have the following entries: | 
| • | While logging in or adding a domain user, using the DNS suffix with the domain name is recommended; for example, domain.local\user or username@dns.local. | 
| • | In the /etc/pam.d/passwd file, add: | 
| • | In the /etc/sssd/sssd.conf file, add: | 
| • | 
| • | No one can change an AD user’s password or set the password to use the Password never expires option. | 
| • | A local NetVault Administrator or an AD NetVault user with administrative privileges can change user-based information that is accessed by using the Modify Details option as this information is stored in the NetVault Database. However, if the secure mode is enabled, the NetVault administrator and other users are allowed to edit or change only E-mail 2 and E-mail 3 of an AD NetVault user. | 
An administrator can perform the following tasks in NetVault: