Forum Discussion

  • The standard Java GUI doesn't provide the level of granularity I think you are looking for here. You can grant a user access to policies as per Riaan's instructions above, but they then have full access to those, not read-only (from what I recall).

    You would need to look into the Role Based Access Controls (which is not something to be considered lightly!) to get deeper granularity than this. See the RBAC section in the NetBackup Security & Encryption Documentation, link to 6.5 material is below.

    http://www.symantec.com/business/support/index?page=content&id=TECH52825

    Regards,

    max.

  • Hi,

     

    You could do this by installing the NetBackup-Java Console (this is not the remote adminstration console that comes with windows)

    Please check the NetBackup System Administrator’s Guide for Windows, Volume I for more details. Here is the basics of what to configure in your auth.conf file. If the file is not there, simply create it.

    Authorization File Characteristics
    The released version of the UNIX /usr/openv/java/auth.conf file is installed on all NetBackup-Java capable hosts and contains only the following entries:
    root ADMIN=ALL JBP=ALL
    * ADMIN=JBP JBP=ENDUSER+BU+ARC


    The first field of each entry is the user name that is granted access to the rights specified by that entry. In the released version, the first field allows root users to use all of the NetBackup-Java applications.
    An asterisk in the first field indicates that any user name is accepted and the user is allowed to use the applications as specified. If the auth.conf file exists, it must have an entry for each user or an entry containing an asterisk (*) in the username field; users without entries cannot access any NetBackup-Java applications. Any entries that designate specific user names must precede a line that contains an asterisk in the username field.
    Note The asterisk specification cannot be used to authorize all users for any administrator capabilities. Each user must be authorized via individual entries in the auth.conf file.
    If you wish to deny all capabilities to a specific user, add a line indicating the user before a line starting with an asterisk. For example:
    mydomain\ray ADMIN= JBP=
    * ADMIN=JBP JBP=ENDUSER+BU+ARC


    Explanation of the attributes

     

    ALL = Administration of all applications
    AM = Activity Monitor
    BMR = Bare Metal Restore
    BPM = Backup Policy Management
    BAR or JBP = Backup, Archive and Restore
    CAT = Catalog
    DM = Device Manager
    HPD = Host Properties
    MM = Media Management
    REP = Reports
    SUM = Storage Unit Management
    VLT = Vault Management

  • Max is correct. I've assumed you meant check the policies in the activity monitor when you say "check policies". In other words, monitor the backups.

     

    If you want to give read-only access then you'll need NBAC, or OpsCenter.

  • thanks Max

    i found Vxss not active , and I am trying to fix this, i think this will help me

    best regard