Forum Discussion

HermannSchmidt's avatar
6 years ago

NetBackup granular permissions for restore

Hi,

First I try to explain, what we are trying to accomplish. We got many offices around the world. In most offices we have a netbackup media server, which are connected to our master server in our main office. In most offices we have it-supporters. These guys only should to be able to restore data from the clients in their offices. 

I tried to configure the access the administration console to the media server. In this scenario the users first were able to browse the backups, but if they started the restore the restore job did fail with the error code 37. I contacted the veritas support. They recommended to configure the media server in the administration console > NetBackup Management > Host Properties > Master Servers > Servers as an additional server. The restore is now successful, but the users now are able to browse all backups from all offices.

I also tried to configure opscenter, but opscenter doesn't seem to be able to restore VMware backups or Exchange backups.

Does someone know a way to accomplish what we try to do?

Kind Regards

Hermann Schmidt

5 Replies

  • Hi,

    If you perform the restores from the client instead of the media server. The client can only see it's own images (unless No.Restrictions or altnames configuration is in place). This will cover file and exchange type backups.

    For VMware, depending on the configuration you could try give them access via the vCenter plugin (assuming that each country/site has its own vCenter).

     

    • HermannSchmidt's avatar
      HermannSchmidt
      Level 2

      Hi 

      yes that seems to be a good idea, but what about the granular file restore of a vm backup? Do we need to install the netbackup client on every vm? 

      Is there a way to configure the media server for our use case? We also tried the altnames configuration for our media servers, but the error 37 still occured without the additional server configuration. I would prefer a somewhat central management for our it supporters.

      • RiaanBadenhorst's avatar
        RiaanBadenhorst
        Level 6

        Hi,

        Yes, for file restores it is required in version prior to 8.2 (not that I've test the agentless restore in 8.2 yet).

        Are you running 8.1.2?

        I've not tried it but I'm sure you could give the user access to only recover files, and limit their scope to just vmware policy, or to specfic object in the WebUI

        Page 18 - Add custom role

        https://sort.veritas.com/DocPortal/pdf/130706365-133278116-1