cancel
Showing results for 
Search instead for 
Did you mean: 

How to give users access to restore backups only

DoubleP
Level 5

Hello, we're using Veritas 8.0 on Linux servers. We are working on giving one of our support groups the ability to do their own restores . My question is: how do we give them access to only find and restore backups, without giving them Admin access?

(I tried searching documentation, but didn't find that)

1 ACCEPTED SOLUTION

Accepted Solutions

X2
Moderator
Moderator
   VIP   

Here are acouple of options:

You might want to try configuring the /usr/openv/java/auth.conf file to give them acces to BAR or JBP (see https://www.veritas.com/support/en_US/doc/18716246-126559472-0/v41641740-126559472), if you are not going to NBAC direction.

However, if the user has root/Administrator privileges on the client, they can either use the NetBackup Windows client to perform a restore or the commandline utility bprestore on Linux clients.

View solution in original post

7 REPLIES 7

Michal_Mikulik1
Moderator
Moderator
Partner    VIP    Accredited Certified

Hello,

a bit difficult to achieve this by some restrictions in NetBackup Admin Console if they have access to it.You must implement NetBackup Access Control for this which is not very easy.

But when members of your support group have OS access to backedup clients only, not to OS of Master/Media Servers, they can issue commands like bplist and bprestore to initate file restores on these clients. Then they cannot do anything else with NetBackup.

Regards

Michal

They'll be logging into the master consoles and performing restores from there. Is there a way that they can only get to the B A R portion on NBU? 

X2
Moderator
Moderator
   VIP   

Here are acouple of options:

You might want to try configuring the /usr/openv/java/auth.conf file to give them acces to BAR or JBP (see https://www.veritas.com/support/en_US/doc/18716246-126559472-0/v41641740-126559472), if you are not going to NBAC direction.

However, if the user has root/Administrator privileges on the client, they can either use the NetBackup Windows client to perform a restore or the commandline utility bprestore on Linux clients.

So, I could make each support person 

 

user1 ADMIN=BAR+JBP

 

I'll try that. Thanks

andrew_mcc1
Level 6
   VIP   

Hopefully this will work for your environment. However if not be aware that Veritas have stated that NetBackup Access Control (NBAC) is going away. It is being replaced by NetBackup Roll Based Access Control (RBAC) in the new web user interface in version 8.1.2, however it is not fully functional yet.

Good Luck, Andrew

quebek
Moderator
Moderator
   VIP    Certified

Hello

You can read about netbackup self service maybe it will fit to your needs

Thanks andrew_mcc1, I was not aware of this.