08-26-2011 03:52 PM
I have a customer who is looking to implement NBAC in their Netbackup environment for master and media servers only. The installation and setup of the authorization servers seems extremely straight forward but I have a couple of questions that for the life of me I cannot seem to find between the guides and how to documents (although it could just be bleary eye syndrome so help me if i've overlooked something). They are the following:
1. Can you specify an active directory group to be a part of an NBAC user group? Or do we have to individually add each user under the group to the NBAC user group? We are attempting to reduce the amount of time management spent in managing user accounts in general. if it is possible, if you can give me an example of how to perform this, that would be great.
2. Can you specify that an NBAC user group has modify access to only a specific list of policies (please note this does not mean that i don't want them to be able to manage policies altogether, but instead only a subset of policies)? For example, we would like the Unix netbackup admins to be able to modify the unix policies and systems but not be able to change the windows based policies. Obviously it would take a security admin to manage who could do what but they would prefer having peace of mind that someone else is not changing their work. The only other way around this that i can see if it is not a functionality is creating trail auditing and running reports to make sure unix guy A isn't messing with windows guy B's policies and vice versa.
Thanks for your help in advance!