11-28-2018 06:54 AM - edited 11-28-2018 06:55 AM
Hello, we're using Veritas 8.0 on Linux servers. We are working on giving one of our support groups the ability to do their own restores . My question is: how do we give them access to only find and restore backups, without giving them Admin access?
(I tried searching documentation, but didn't find that)
Solved! Go to Solution.
11-28-2018 12:01 PM
Here are acouple of options:
You might want to try configuring the /usr/openv/java/auth.conf file to give them acces to BAR or JBP (see https://www.veritas.com/support/en_US/doc/18716246-126559472-0/v41641740-126559472), if you are not going to NBAC direction.
However, if the user has root/Administrator privileges on the client, they can either use the NetBackup Windows client to perform a restore or the commandline utility bprestore on Linux clients.
11-28-2018 07:42 AM
Hello,
a bit difficult to achieve this by some restrictions in NetBackup Admin Console if they have access to it.You must implement NetBackup Access Control for this which is not very easy.
But when members of your support group have OS access to backedup clients only, not to OS of Master/Media Servers, they can issue commands like bplist and bprestore to initate file restores on these clients. Then they cannot do anything else with NetBackup.
Regards
Michal
11-28-2018 08:23 AM
They'll be logging into the master consoles and performing restores from there. Is there a way that they can only get to the B A R portion on NBU?
11-28-2018 12:01 PM
Here are acouple of options:
You might want to try configuring the /usr/openv/java/auth.conf file to give them acces to BAR or JBP (see https://www.veritas.com/support/en_US/doc/18716246-126559472-0/v41641740-126559472), if you are not going to NBAC direction.
However, if the user has root/Administrator privileges on the client, they can either use the NetBackup Windows client to perform a restore or the commandline utility bprestore on Linux clients.
11-28-2018 12:11 PM
So, I could make each support person
user1 ADMIN=BAR+JBP
I'll try that. Thanks
11-28-2018 02:27 PM
Hopefully this will work for your environment. However if not be aware that Veritas have stated that NetBackup Access Control (NBAC) is going away. It is being replaced by NetBackup Roll Based Access Control (RBAC) in the new web user interface in version 8.1.2, however it is not fully functional yet.
Good Luck, Andrew
11-29-2018 03:50 AM
Hello
You can read about netbackup self service maybe it will fit to your needs
11-29-2018 06:21 AM
Thanks andrew_mcc1, I was not aware of this.