cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Using BPEXPDATE on a 5240 Appliance

SYM-AJ
Level 5

‎05-16-2017 02:03 PM

I have a number of 5240 Appliances running V3 with the Master/Media role.  We are importing a number of tapes from another NBU environment and some of the retentions need to be amended.

I know I can use the /usr/openv/netbackup/bin/admincmd/bpexpdate -m xx1234 -d 06/30/18 command to afect all images on a tape, but this needs command line access which I don't want to grant to my admin staff.

How else can I do this ?

AJ

0 Kudos
4 REPLIES 4

sidm
Level 3
Employee

‎05-16-2017 02:05 PM - edited ‎05-16-2017 02:07 PM

You can execute this command using a non-admin NetBackupCLI user.

Reference: https://www.veritas.com/support/en_US/article.v97047302_v121822011

(The reference points to the Virtual Appliance, but the concept is identical in the physical Appliance)

 

Appliance User Experience
0 Kudos

sidm
Level 3
Employee
In response to sidm

‎05-16-2017 02:08 PM

Once you create the NetBackupCLI user, just login using that instead of "admin".

Appliance User Experience
0 Kudos

SYM-AJ
Level 5
In response to sidm

‎05-16-2017 03:37 PM

Thanks for the input.

I have one issue here though......

I have the staff involved defined already in the auth.conf with specific priveledges as I don't want them to have admin rights, and NetbackupCLI is not sufficient.  These users (although AD integration is implemented) have manual entries at the bottom of the auth.conf file (catch-all entry has been removed) granting them specific rights (JBP,MM,AM,DM).  CLI is not available as one of these rights.  If I add them as an AD user and grant them NetBackupCLI this entry will be populated in the middle section of the auth.conf and the manual entry granting all other priveledges will never be reached.  Dilema......

Also, I cannot create a separate user for this task only as site security restrictions do not allow this.

Any thoughts ?

AJ

 

0 Kudos

D_Flood
Level 6
In response to SYM-AJ

‎05-19-2017 11:21 AM

Despite some efforts to eliminate it, CLI access is still the only way to do certain things in NetBackup.  And yes, ADMIN.CONF doesn't cover it because of the requirement (which I've heard is relaxed in 8.0/3.0) for the NetBackup Admins to be local or domain Admins as well.

One solution which may work is for the people without CLI to type up the series of commands that need to be executed and then provide them to someone with CLI.  Not only would this constitute "separation of duties/responsibilities" but also could be used as a "second set of eyes" review.

Another option is to not change the image expirations but change the tape expiration.  That can be done via the GUI (right click on a tape, change).  I haven't done this to see if it also updates the associated images but it might be worth some experimentation.

 

0 Kudos