Predefined BUILTIN groups and default privileges

You can assign membership of a local user or domain user to a predefined set of BUILTIN groups provided by Data ONTAP. Predefined groups have predefined privileges assigned.

The following table describes the predefined groups:
Predefined BUILTIN group Default privileges
BUILTIN\Administrators

RID 544

When first created, the local Administrator account, with a RID of 500, is automatically made a member of this group. When the Storage Virtual Machine (SVM) is joined to a domain, the domain\Domain Admins group is added to the group. If the SVM leaves the domain, the domain\Domain Admins group is removed from the group.

  • SeBackupPrivilege
  • SeRestorePrivilege
  • SeSecurityPrivilege
  • SeTakeOwnershipPrivilege
  • SeChangeNotifyPrivilege
BUILTIN\Power Users

RID 547

When first created, this group does not have any members. Members of this group have the following characteristics:

  • Can create and manage local users and groups.
  • Cannot add themselves or any other object to the BUILTIN\Administrators group.
SeChangeNotifyPrivilege
BUILTIN\Backup Operators

RID 551

When first created, this group does not have any members. Members of this group can override read and write permissions on files or folders if they are opened with backup intent.

  • SeBackupPrivilege
  • SeRestorePrivilege
  • SeChangeNotifyPrivilege
BUILTIN\Users

RID 545

When first created, this group does not have any members (besides the implied Authenticated Users special group). When the SVM is joined to a domain, the domain\Domain Users group is added to this group. If the SVM leaves the domain, the domain\Domain Users group is removed from this group.

SeChangeNotifyPrivilege
Everyone

SID S-1-1-0

This group includes all users, including guests (but not anonymous users). This is an implied group with an implied membership.

SeChangeNotifyPrivilege