Forum Discussion

Tabriz's avatar
Tabriz
Level 5
3 years ago

Create Read Only User

Who has experience related to this issue? I read about the NBAC. But l don't to do risk). Who can help me to do this procedure correctly? So, in our infrastructure, the Master and Media Server are ...
  • davidmoline's avatar
    davidmoline
    3 years ago

    HI Tabriz 

    I agree with Nicolai that NBAC is a beast and should be avoided. What are you trying to achive though? What do you want to allow (or stop) your user from doing? (I'd suggest RBAC, but of course this is not possible for the version you are using).

    As for auth.conf, the following should help you craft an entry for a particular user - there are more details on this in one of the Server Admin guides

    The following is a sample content of the auth.conf file on a Windows NetBackup master server:
    Windows-domain\BKADMIN ADMIN=ALL JBP=ALL
    Windows-domain\BKOPS ADMIN=AM JBP=ENDUSER+BU
    * ADMIN=JBP JBP=ENDUSER+BU

    The above sample auth.conf file allows:

    • Windows-domain\BKADMIN user to fully manage the NetBackup environment
    • Windows-domain\BKOPS user to monitor NetBackup Activity Monitor and, perform backup and restore tasks
    • All other users to use BAR GUI and, perform backup and restore tasks

    The auth.conf file can be configured with specific Windows domain users with ADMIN and JBP keywords (this assumes the system can authenticate using AD, otherwise use local system users).

    ADMIN keyword specifies the NetBackup administration applications and the related administrator capabilities.

    JBP keyword specifies the NetBackup Backup, Archive, and Restore client application (BAR GUI) and the related capabilities.

    The table below shows the NetBackup Java Authorisation ADMIN keywords.

    Table 1 Java Authorisation Admin Keywords

    ADMIN Keyword

    Capability/Application

    ALL

    Indicates that the user has administrative privileges for all of the applications that are listed in this table.

    AM

    Activity Monitor

    BMR

    Bare Metal Restore

    BPM

    Backup Policy Management

    BAR or JBP

    Backup, Archive, and Restore

    CAT

    Catalog

    DM

    Device Monitor

    HPD

    Host Properties

    MM

    Media Management

    REP

    Reports

    SUM

    Storage Unit Management

    VLT

    Vault Management

     

    The table below shows the NetBackup Java Authorisation JBP keywords.

    Table 2 Java Authorisation JBP Keywords

    JBP Keyword

    Capability/Application

    ALL

    Allows the users to perform all actions, including server-directed restores. (Restores to a client that is different from the client that is logged into.) Server-directed restores can only be performed from a NetBackup master server.

    ENDUSER

    Allows the users to perform restore tasks from true image or regular backups plus redirected restores.

    BU

    Allows the users to perform backup tasks.

    ARC

    Allows the users to perform archive tasks. The capability to perform backups (BU) is required to allow archive tasks.

    RAWPART

    Allows the users to perform raw partition restores.
Tabriz's avatar
Tabriz
Level 5

Dear davidmoline ,

 

Firstly, Thank you for the wide information.
I'm sorry l couldn't understand quite.

I created a new user in NBU Appliance 5230. with this command
Main->Support>Manage>Create username

But after creating the user l couldn't log in to Java Administration Console( Client Software for monitoring and backup the hosts).

For login, the GUI (Client Software) do l must add the new user to auth.conf? in which the admin user was added.

 

Br,

 

Tabriz

Tabriz's avatar
Tabriz
Level 5
3 years ago

Dear davidmolineNicolai ,

 

Thank you for the everything !

I created r/o user Thanks !

 

Best Regards,

 

Tabriz