cancel
Showing results for 
Search instead for 
Did you mean: 

Authorizing "Netbackup Management -> Applications" menu

ahtor
Level 2

How do I give user rights to use this "Netbackup Management -> Applications" menu in Netbackup Administration Console?
Netbackup 7.7.1

Now I have in auth.conf file:
user ADMIN=AM+BPM+BAR+CAT+HPD+REP JBP=ALL

And user have no rights to mentioned menu.

Looked in:
https://www.veritas.com/support/en_US/article.000121303
there is no such option...

Rgds,

Ahto

6 REPLIES 6

Nicolai
Moderator
Moderator
Partner    VIP   

For granualr access you need NBAC - which I don't recommend.

For non-root access with administrative right to whole the Netbackup enviroment, you need Enhanced Auditing.

http://www.veritas.com/docs/000124456

More information in the "Netbackup Security and Encryption" guide

http://www.veritas.com/docs/000116407

NBAC is configured.
Also line "USE_AUTH_CONF_NBAC = YES" in bp.conf.

Our DBA-s need access to this menu.
I do not want to give them "user ADMIN=ALL JBP=ALL" - this also works.
But line "user ADMIN=AM+BPM+BAR+CAT+HPD+REP JBP=ALL" - no access to "Application" menu.

So my question was - is there any undocumented option to configure auth.conf file?

Rgds,
Ahto

 

Nicolai
Moderator
Moderator
Partner    VIP   

I am guessing you are using Oracle intelligent Policies.

Auth.conf only offer the sections you have already showed us.

If using NBAC you check out the section 6 in the "NetBackup 7.7 Security and Encryption Guide" - "Object permissions". NBAC permissions superceed auth.conf permissions. I haven't check if there is a object permission for "Applications".

Yes, you are right - we use both Oracle and MSSQL intelligent policies.
And I also get so far.
But I cannot find anywhere what authorization object is this "Applications" menu...

Rgds,
Ahto

Nicolai
Moderator
Moderator
Partner    VIP   

Application may very well not be implemented in both auth.conf and NBAC. BMR and logging assistant in the GUI is also not NBAC implemented.

That said, Veritas is working on RBAC that will replace NBAC completely. It expect it to be released in 8.X

Best Regards

Nicolai

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

I think Nicolai is right. Seems the developers 'forgot' to add an option to auth.conf.

You may want to log a call with Support. If you get through to the 'right' person, he/she will send it to backline and from there to Engineering for a fix.

The 'wrong' support engineer will simply tell you to log a request for enhancement.
This process however is lengthy - you need to get hold of Product Management via your local Veritas office, who will then submit the request to Engineering. 
Priority depends on the amount of requests world-wide for the same feature...