Forum Discussion

dinu4010's avatar
dinu4010
Level 3
7 years ago

Netbackup appliance granular level access for java console

hi experts, 

I run netbackup appliance 5230 as a master server in my environment and would like to set up granular level roles and privilages for AD users registered with appliance. but appliance has only 2 roles by default. 

i would like to provide granular level acccess to users who login remote java admin console. i kno we do have NBAC for windows master servers. but for netbackup appliance as a master server, could someone please assist me if we have any option for setting up granular level access for user who login java console.

  • CadenL's avatar
    CadenL
    7 years ago

    hmmm - ok...... I don't get this

    So I guess you're perhaps setup with a task to synchronise the group members daily. This is default but I believe can be be deleted once you've all your users setup and configured how you want them. It can become awkward though, if you need to add and remove users on a regualr basis, as you need to recreate the task and then reconfigure the users in auth.conf from scratch - before removing the task again.

    Take a look at the available options for 'SyncGroupMembers' in the CLISH

    This type of config is not likely to be suitable for some environments and perhaps also why it's still not supported - it's ok for me but then I only have the need to configure a handful of local users that don't change at all. Always make sure you have a backup of the file before editing.

  • Hi

    I'm not sure if this is officially supported on an Appliance, but you can edit the auth.conf file and set granulaity there. If you add the users via the Web gui or the CLISH, the appliance will automatically add the users into the auth.conf as either Admin=ALL and\or JBP=ALL. Once the users are added you can then edit the permissions manually to make the roles more granular.- eg Admin=AM+MM to allow the user access to Activity Monitor and Media Management only.

    As I said - I don't think this is officially supported on an Appliance but it does work

     

    • dinu4010's avatar
      dinu4010
      Level 3
      Thanks for your reply. But when I edit the auth. Conf with granular permissions for users added in auth.conf file. It gets reset every day automatically. How can we sort this out.
      • CadenL's avatar
        CadenL
        Level 6

        hmmm - ok...... I don't get this

        So I guess you're perhaps setup with a task to synchronise the group members daily. This is default but I believe can be be deleted once you've all your users setup and configured how you want them. It can become awkward though, if you need to add and remove users on a regualr basis, as you need to recreate the task and then reconfigure the users in auth.conf from scratch - before removing the task again.

        Take a look at the available options for 'SyncGroupMembers' in the CLISH

        This type of config is not likely to be suitable for some environments and perhaps also why it's still not supported - it's ok for me but then I only have the need to configure a handful of local users that don't change at all. Always make sure you have a backup of the file before editing.