cancel
Showing results for 
Search instead for 
Did you mean: 

Netbackup appliance granular level access for java console

dinu4010
Level 3

hi experts, 

I run netbackup appliance 5230 as a master server in my environment and would like to set up granular level roles and privilages for AD users registered with appliance. but appliance has only 2 roles by default. 

i would like to provide granular level acccess to users who login remote java admin console. i kno we do have NBAC for windows master servers. but for netbackup appliance as a master server, could someone please assist me if we have any option for setting up granular level access for user who login java console.

1 ACCEPTED SOLUTION

Accepted Solutions

CadenL
Moderator
Moderator
Partner    VIP    Accredited Certified

hmmm - ok...... I don't get this

So I guess you're perhaps setup with a task to synchronise the group members daily. This is default but I believe can be be deleted once you've all your users setup and configured how you want them. It can become awkward though, if you need to add and remove users on a regualr basis, as you need to recreate the task and then reconfigure the users in auth.conf from scratch - before removing the task again.

Take a look at the available options for 'SyncGroupMembers' in the CLISH

This type of config is not likely to be suitable for some environments and perhaps also why it's still not supported - it's ok for me but then I only have the need to configure a handful of local users that don't change at all. Always make sure you have a backup of the file before editing.

View solution in original post

4 REPLIES 4

CadenL
Moderator
Moderator
Partner    VIP    Accredited Certified

Hi

I'm not sure if this is officially supported on an Appliance, but you can edit the auth.conf file and set granulaity there. If you add the users via the Web gui or the CLISH, the appliance will automatically add the users into the auth.conf as either Admin=ALL and\or JBP=ALL. Once the users are added you can then edit the permissions manually to make the roles more granular.- eg Admin=AM+MM to allow the user access to Activity Monitor and Media Management only.

As I said - I don't think this is officially supported on an Appliance but it does work

 

Thanks for your reply. But when I edit the auth. Conf with granular permissions for users added in auth.conf file. It gets reset every day automatically. How can we sort this out.

CadenL
Moderator
Moderator
Partner    VIP    Accredited Certified

hmmm - ok...... I don't get this

So I guess you're perhaps setup with a task to synchronise the group members daily. This is default but I believe can be be deleted once you've all your users setup and configured how you want them. It can become awkward though, if you need to add and remove users on a regualr basis, as you need to recreate the task and then reconfigure the users in auth.conf from scratch - before removing the task again.

Take a look at the available options for 'SyncGroupMembers' in the CLISH

This type of config is not likely to be suitable for some environments and perhaps also why it's still not supported - it's ok for me but then I only have the need to configure a handful of local users that don't change at all. Always make sure you have a backup of the file before editing.

thanks much on your clarified post.. :)