Predefined BUILTIN groups and default privileges

12/09/2021 Contributors

You can assign membership of a local user or domain user to a predefined set of BUILTIN groups provided by ONTAP. Predefined groups have predefined privileges assigned.

The following table describes the predefined groups:

Predefined BUILTIN group Default privileges

Predefined BUILTIN group	Default privileges
`BUILTIN\Administrators`RID 544 When first created, the local `Administrator` account, with a RID of 500, is automatically made a member of this group. When the storage virtual machine (SVM) is joined to a domain, the `domain\Domain Admins` group is added to the group. If the SVM leaves the domain, the `domain\Domain Admins` group is removed from the group.	`SeBackupPrivilege` `SeRestorePrivilege` `SeSecurityPrivilege` `SeTakeOwnershipPrivilege` `SeChangeNotifyPrivilege`
`BUILTIN\Power Users`RID 547 When first created, this group does not have any members. Members of this group have the following characteristics: Can create and manage local users and groups. Cannot add themselves or any other object to the `BUILTIN\Administrators` group.	`SeChangeNotifyPrivilege`
`BUILTIN\Backup Operators`RID 551 When first created, this group does not have any members. Members of this group can override read and write permissions on files or folders if they are opened with backup intent.	`SeBackupPrivilege` `SeRestorePrivilege` `SeChangeNotifyPrivilege`
`BUILTIN\Users`RID 545 When first created, this group does not have any members (besides the implied `Authenticated Users` special group). When the SVM is joined to a domain, the `domain\Domain Users` group is added to this group. If the SVM leaves the domain, the `domain\Domain Users` group is removed from this group.	`SeChangeNotifyPrivilege`
`Everyone`SID S-1-1-0 This group includes all users, including guests (but not anonymous users). This is an implied group with an implied membership.	`SeChangeNotifyPrivilege`

BUILTIN\AdministratorsRID 544

When first created, the local Administrator account, with a RID of 500, is automatically made a member of this group. When the storage virtual machine (SVM) is joined to a domain, the domain\Domain Admins group is added to the group. If the SVM leaves the domain, the domain\Domain Admins group is removed from the group.

SeBackupPrivilege
SeRestorePrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeChangeNotifyPrivilege

BUILTIN\Power UsersRID 547

When first created, this group does not have any members. Members of this group have the following characteristics:

Can create and manage local users and groups.
Cannot add themselves or any other object to the BUILTIN\Administrators group.

SeChangeNotifyPrivilege

BUILTIN\Backup OperatorsRID 551

When first created, this group does not have any members. Members of this group can override read and write permissions on files or folders if they are opened with backup intent.

SeBackupPrivilege
SeRestorePrivilege
SeChangeNotifyPrivilege

BUILTIN\UsersRID 545

When first created, this group does not have any members (besides the implied Authenticated Users special group). When the SVM is joined to a domain, the domain\Domain Users group is added to this group. If the SVM leaves the domain, the domain\Domain Users group is removed from this group.

SeChangeNotifyPrivilege

EveryoneSID S-1-1-0

This group includes all users, including guests (but not anonymous users). This is an implied group with an implied membership.

SeChangeNotifyPrivilege

Related information

Guidelines for using BUILTIN groups and the local administrator account

List of supported privileges

Configuring bypass traverse checking

Predefined BUILTIN groups and default privileges

Creating your file...