Create Read Only User
Who has experience related to this issue? I read about the NBAC.
But l don't to do risk). Who can help me to do this procedure correctly?
So, in our infrastructure, the Master and Media Server are the same.
How to create a read-only user for NBU Client (Console Administration 7.7.3.
Thanks beforehand!
Best regards,
Tabriz
HI Tabriz
I agree with Nicolai that NBAC is a beast and should be avoided. What are you trying to achive though? What do you want to allow (or stop) your user from doing? (I'd suggest RBAC, but of course this is not possible for the version you are using).
As for auth.conf, the following should help you craft an entry for a particular user - there are more details on this in one of the Server Admin guides
The following is a sample content of the auth.conf file on a Windows NetBackup master server:
Windows-domain\BKADMIN ADMIN=ALL JBP=ALL
Windows-domain\BKOPS ADMIN=AM JBP=ENDUSER+BU
* ADMIN=JBP JBP=ENDUSER+BUThe above sample auth.conf file allows:
- Windows-domain\BKADMIN user to fully manage the NetBackup environment
- Windows-domain\BKOPS user to monitor NetBackup Activity Monitor and, perform backup and restore tasks
- All other users to use BAR GUI and, perform backup and restore tasks
The auth.conf file can be configured with specific Windows domain users with ADMIN and JBP keywords (this assumes the system can authenticate using AD, otherwise use local system users).
ADMIN keyword specifies the NetBackup administration applications and the related administrator capabilities.
JBP keyword specifies the NetBackup Backup, Archive, and Restore client application (BAR GUI) and the related capabilities.
The table below shows the NetBackup Java Authorisation ADMIN keywords.
Table 1 Java Authorisation Admin Keywords
ADMIN Keyword
Capability/Application
ALL
Indicates that the user has administrative privileges for all of the applications that are listed in this table.
AM
Activity Monitor
BMR
Bare Metal Restore
BPM
Backup Policy Management
BAR or JBP
Backup, Archive, and Restore
CAT
Catalog
DM
Device Monitor
HPD
Host Properties
MM
Media Management
REP
Reports
SUM
Storage Unit Management
VLT
Vault Management
The table below shows the NetBackup Java Authorisation JBP keywords.
Table 2 Java Authorisation JBP Keywords
JBP Keyword
Capability/Application
ALL
Allows the users to perform all actions, including server-directed restores. (Restores to a client that is different from the client that is logged into.) Server-directed restores can only be performed from a NetBackup master server.
ENDUSER
Allows the users to perform restore tasks from true image or regular backups plus redirected restores.
BU
Allows the users to perform backup tasks.
ARC
Allows the users to perform archive tasks. The capability to perform backups (BU) is required to allow archive tasks.
RAWPART
Allows the users to perform raw partition restores.