cancel
Showing results for 
Search instead for 
Did you mean: 

Can I set restriction for a user to view and control backup policy?

puneet102
Level 4

We Have Netbackup 7.7.3 Installed on Windows server 2008 R2. I have configured NBAC.We have Multiple policies configured for Exchange, SQL, File server, NDMP etc. We need to create a seprate view for Exchnage backup.Can I restrict the user to view and manage the other policies and backup? Let me explane it by example....

 

Netbackup server have four policies, Exchange for exchange backup, NDMP for NDMP backup, SQL for MS SQL backup and FileServer for MS-Windows backup. Now We have a user as user1 who is Exchange admin. He want to manage exchange backup . We can not give access to user1 for all backup policies. If I am not wrong then I can restrict it by using NBAC for all other policies and can give access only for Exchange policies? Can I change the view options for user1 so that user1 will not see the other policies and backup jobs in activity monitor and in catalog etc.?.


Thanks
Puneet Dixit
5 REPLIES 5

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

I am not aware of a way to provide access to individual policies.

IMHO, policies should be the fuction of a backup admin. 
The Application owners can communicate their requirements, but it is the responsibility of the backup admin to assign backup resources and schedules.

Who will be to blame if an Exchange Admin for example configures his/her policy in such a way that all resources are occupied throughout the entire backup window?

Mike_Gavrilov
Moderator
Moderator
Partner    VIP    Accredited Certified

No, it's not possible to do so.

GeForce123
Level 5

If you have OpsCenter, you could create'Views' for exchange admins that would only allow them to only see the policies that you allow them to. This would at least allow them to monitor the backups for those policies and manually run backups as needed. They wouldn't be able to manage/make changes to the policies but at least it's something.

X2
Moderator
Moderator
   VIP   

@Marianne- I fully agree with this.

Who would be responsible if the "application admin" made a change and messed up his backups? What about if all backups were messed up?

Even if you imagine that the Exchange admin knows what he is doing when changing "his" backup policies, his decision making is a shot in the dark because he does not know anything about the rest of the backup system!

I suggest keeping the application admins informed about the setup and features. Inform them (have formal meetings) about changes in the backup system and they can ask if they want a change. There are often several ways to make a change. An experience backup admin is the best guide for that.

The above way of thinking might be "old school", but it puts safety first.

Thiago_Ribeiro
Moderator
Moderator
Partner    VIP    Accredited

Hi @puneet102

As @Marianne, @X2 said, you can inform the application admins about status of backups and so on..but in my opinion the backup environment belongs of backup admin, thats it!

I passed trought a similar situation in the past, but where you have application admins, I had customers...And only one backup environment with resources limited VTLs and Tapes..

Each one of my coleagues was responsible by one customer backups, everyone had full access and could be make any change, on any place...

Result..As the resources was limited,each one changed the infrastructure according to their own interests, every time someone changed STU,SUGs settings, to make their own backups..Can you imagine how was this messy?

You said about views, take a look on @GeForce123 post, you can create views on OpsCenter..you can create reports for each one the application admins to see their own backups. I recommend that you should not give them the adminstration of backups...that is my opinion.

Regards,

 

Thiago Ribeiro