cancel
Showing results for 
Search instead for 
Did you mean: 

Authorize users for a subset of the NetBackup-Java

Hi;

How can I give a user access to check policy but he can’t create any “using NetBackup GUI”?

 

Thank

4 Replies

The standard Java GUI doesn't

The standard Java GUI doesn't provide the level of granularity I think you are looking for here. You can grant a user access to policies as per Riaan's instructions above, but they then have full access to those, not read-only (from what I recall).

You would need to look into the Role Based Access Controls (which is not something to be considered lightly!) to get deeper granularity than this. See the RBAC section in the NetBackup Security & Encryption Documentation, link to 6.5 material is below.

http://www.symantec.com/business/support/index?page=content&id=TECH52825

Regards,

max.

Hi,   Please check the

Hi,

 

You could do this by installing the NetBackup-Java Console (this is not the remote adminstration console that comes with windows)

Please check the NetBackup System Administrator’s Guide for Windows, Volume I for more details. Here is the basics of what to configure in your auth.conf file. If the file is not there, simply create it.

Authorization File Characteristics
The released version of the UNIX /usr/openv/java/auth.conf file is installed on all NetBackup-Java capable hosts and contains only the following entries:
root ADMIN=ALL JBP=ALL
* ADMIN=JBP JBP=ENDUSER+BU+ARC


The first field of each entry is the user name that is granted access to the rights specified by that entry. In the released version, the first field allows root users to use all of the NetBackup-Java applications.
An asterisk in the first field indicates that any user name is accepted and the user is allowed to use the applications as specified. If the auth.conf file exists, it must have an entry for each user or an entry containing an asterisk (*) in the username field; users without entries cannot access any NetBackup-Java applications. Any entries that designate specific user names must precede a line that contains an asterisk in the username field.
Note The asterisk specification cannot be used to authorize all users for any administrator capabilities. Each user must be authorized via individual entries in the auth.conf file.
If you wish to deny all capabilities to a specific user, add a line indicating the user before a line starting with an asterisk. For example:
mydomain\ray ADMIN= JBP=
* ADMIN=JBP JBP=ENDUSER+BU+ARC


Explanation of the attributes

 

ALL = Administration of all applications
AM = Activity Monitor
BMR = Bare Metal Restore
BPM = Backup Policy Management
BAR or JBP = Backup, Archive and Restore
CAT = Catalog
DM = Device Manager
HPD = Host Properties
MM = Media Management
REP = Reports
SUM = Storage Unit Management
VLT = Vault Management

Max is correct. I've assumed

Max is correct. I've assumed you meant check the policies in the activity monitor when you say "check policies". In other words, monitor the backups.

 

If you want to give read-only access then you'll need NBAC, or OpsCenter.

thanks Max i found Vxss not

thanks Max

i found Vxss not active , and I am trying to fix this, i think this will help me

best regard