cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

About UserID management on NSS

Go to solution
atoyoda
Level 3

‎08-29-2018 11:25 PM

1. Is there any document that explains the access right of the permission (AccessProfile?) To be granted to the user?
2. About ActiveDirectory users
(A) Is it possible to delete this user after registering the Active Directory user as a tenant?
(B) Is it possible to register the same Active Directory user to multiple tenants?
(C) Is it possible to change the registered Active Directory user to another tenant?

Best regards

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
JonHunt
Moderator
Moderator
   VIP   

‎08-30-2018 06:44 AM

To Address your second question

2. About ActiveDirectory users
(A) Is it possible to delete this user after registering the Active Directory user as a tenant?
(B) Is it possible to register the same Active Directory user to multiple tenants?
(C) Is it possible to change the registered Active Directory user to another tenant?

(A) User's can be deactived but not deleted. Deactivated users may be ‘anonymized’, to allow compliance with the EU General Data ProtectionRegulation (GDPR). This action will reset the User ID, User Name and Email Address fields to the User GUID, and can be done via the User List or by means of the scheduled task. This task uses the System Setting (Number of days before deactivated users will be anonymized) to determine which deactivated user to consider.

(B) No. For each tenant the user would need to have a unique ID login.

(C) No. As per (B) they would need to have a new unique ID login created.

 

 

View solution in original post

0 Kudos
3 REPLIES 3

Go to solution
JonHunt
Moderator
Moderator
   VIP   

‎08-30-2018 06:32 AM

I am going to break up the reply into 2 parts, so first to address your first question......

Q1. Is there any document that explains the access right of the permission (AccessProfile?) To be granted to the user?

First have a look at the section in the ' NetBackup Self Service Configuration Guide' titled Access rights. I have copied this out below for the 8.1 version (page 29) of NSS but please check the guide that refers to your version.

Access Rights

By default all users can carry out all possible actions on every computer that is registered to their tenant. This ability depends on the functionality that the computer can support. All users can see the monthly usage data for their tenant. You can control the available actions at three levels: globally, per tenant, or per user.

Control of these access rights is available through Admin > Settings > Integration Settings in the NetBackup Adapter Access Rights section. The access rights are Allow Backup Now, Allow Protect Machine, Allow Restore File, Allow Restore Vm, Allow Unprotect Machine, Allow Register for File Restore, Allow Register for Protection, Allow Restore SQL, Allow Restore Oracle, and Allow Usage Report.

To globally enable or disable an action for all users

  1. Click the required access right in the NetBackup Adapter Access Rights

    section.

  2. Choose Enabled or Disabled in the Value field.

    Ensure Allow Tenant Override is not checked.

    Ensure Allow User Override is (None).

  3. To allow different tenants to have different actions available to them.

    • Click the required access right in the NetBackup Adapter Access Rightssection

    • Choose Enabled or Disabled in the Value field. This setting is the default for any existing tenants or any new tenants

    • Check Allow Tenant Override
      Ensure Allow User Override is set to None.

      Only a non-tenant associated administrator who has access to all of the Tenants can change the value.

      To configure the value of the access rights for each tenant

  1. Select the Integration tab in the Tenant Admin screen.

  2. Admin > Organization > Tenant > Integration.

  3. Click the required access right in the NetBackup Adapter Access Rightssection.

  4. Choose Enabled or Disabled in the Value field.

To allow different users to have different actions available to them

  1. Click the required access right in the NetBackup Adapter Access Rights

    section.

  2. Choose Enabled or Disabled in the Value field. This setting is the default for any existing or any new users.

  3. Ensure Allow Tenant Override is not checked.

  4. Set Allow User Override to For User.

When For User overriding is chosen the value can be changed in any of the following places:

  • By an administrator user in the Integration tab of User Administration (Admin > Organization > User > Integration)

  • By an administrator user in the Integration tab of Tenant User Administration (Admin > Organization > Tenant > Users > Select User > Integration)

  • By a tenant administrator in the Integration tab of their tenant's User Maintenance screen (Admin > User Management > Select User > Integration).

    • Click the required access right in the NetBackup Adapter Access Rightssection

    • Choose Enabled or Disabled in the Value field Do not select the By User override option.

In addition you can also manage the Access profile as per below;

Access Profile

An Access Profile determines which functional areas a user can access. Customized profiles can be created by grouping any number from a list of more than 30 Access Rights; each user on the system is then assigned the appropriate access profile to control what they can access and the actions they can perform on the system. Any number of Access Profiles can be created to provide a full range of access options and customer created access profiles can be edited or deleted.

The system provides two shipped access profiles: ‘Supervisor’, which has all access rights assigned, giving full access to all of the system and ‘Default Access Profile’, which gives basic access for a standard user. The default user access profile is editable.

To create a new access profile, select Access Profile > Add, within the Organization category. Allocate an ID then create the Access Profile Name and Description. Access rights can be linked in the adjacent tab by clicking on the Access Right Name (hyperlink) and the access right will move to the Linkedsection. Moving the mouse over the Access Right Name gives a fuller explanation of the access right.

 

0 Kudos

Go to solution
JonHunt
Moderator
Moderator
   VIP   

‎08-30-2018 06:44 AM

To Address your second question

2. About ActiveDirectory users
(A) Is it possible to delete this user after registering the Active Directory user as a tenant?
(B) Is it possible to register the same Active Directory user to multiple tenants?
(C) Is it possible to change the registered Active Directory user to another tenant?

(A) User's can be deactived but not deleted. Deactivated users may be ‘anonymized’, to allow compliance with the EU General Data ProtectionRegulation (GDPR). This action will reset the User ID, User Name and Email Address fields to the User GUID, and can be done via the User List or by means of the scheduled task. This task uses the System Setting (Number of days before deactivated users will be anonymized) to determine which deactivated user to consider.

(B) No. For each tenant the user would need to have a unique ID login.

(C) No. As per (B) they would need to have a new unique ID login created.

 

 

0 Kudos

Go to solution
atoyoda
Level 3
In response to JonHunt

‎09-02-2018 10:24 PM

Hi john-san,
Thank you for informative information.
This is the information we were looking for.

0 Kudos