02-22-2018 06:19 PM
Hi experts,
I run a NetBackup appliance 5230 as a master server in my environment and would like to set up granular-level roles and privileges for AD users registered with the appliance, but the appliance has only 2 roles by default.
I would like to provide granular-level access to users who log in to the remote Java admin console. I know we do have NBAC for Windows master servers. But for a NetBackup appliance as a master server, could someone please assist me if we have any option for setting up granular-level access for users who log in to the Java console?
02-23-2018 06:13 AM
Hi
I'm not sure if this is officially supported on an Appliance, but you can edit the auth.conf file and set granularity there. If you add the users via the Web GUI or the CLISH, the appliance will automatically add the users into the auth.conf as either Admin=ALL and/or JBP=ALL. Once the users are added you can then edit the permissions manually to make the roles more granular - e.g. Admin=AM+MM to allow the user access to Activity Monitor and Media Management only.
As I said - I don't think this is officially supported on an Appliance but it does work.
02-25-2018 06:09 AM
02-25-2018 12:40 PM
hmmm - ok...... I don't get this
So I guess you're perhaps set up with a task to synchronise the group members daily. This is default but I believe can be deleted once you've all your users set up and configured how you want them. It can become awkward though, if you need to add and remove users on a regular basis, as you need to recreate the task and then reconfigure the users in auth.conf from scratch - before removing the task again.
Take a look at the available options for 'SyncGroupMembers' in the CLISH.
This type of config is not likely to be suitable for some environments and perhaps also why it's still not supported - it's ok for me but then I only have the need to configure a handful of local users that don't change at all. Always make sure you have a backup of the file before editing.
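Added example, not part of any post in this thread and not vendor code: a small check that compares the live auth.conf against a saved baseline copy, so that entries reset to ALL (for example after a group sync) or users added since the last edit are noticed. It assumes one user per line in the form `<user> KEY=A+B KEY=C`, `#` for comments, and the key name `Admin` as written in the post above; the user names and file contents are constructed sample data.

```python
# Added example: least-privilege drift check for an auth.conf-style file.
# Assumptions: line format "<user> KEY=A+B KEY=C", "#" starts a comment.
ADMIN_KEY = "Admin"  # key name as written in the post; change to match your file


def parse_auth_conf(text):
    """Return {user: {key: set(values)}} for every non-comment line."""
    entries = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        user, *fields = line.split()
        perms = {}
        for field in fields:
            key, sep, value = field.partition("=")
            if sep:
                perms[key] = set(filter(None, value.split("+")))
        entries[user] = perms
    return entries


def audit(current_text, baseline_text):
    """Compare the live file with the saved baseline; return (user, issue) pairs."""
    current = parse_auth_conf(current_text)
    baseline = parse_auth_conf(baseline_text)
    findings = []
    for user, perms in sorted(current.items()):
        if user not in baseline:
            findings.append((user, "not in baseline"))
        elif perms != baseline[user]:
            findings.append((user, "differs from baseline"))
        if "ALL" in perms.get(ADMIN_KEY, set()):
            findings.append((user, "full admin access"))
    for user in sorted(set(baseline) - set(current)):
        findings.append((user, "missing from file"))
    return findings


# Constructed sample data: the backup taken after hand-editing, and the file
# as it might look after the entries were regenerated with default roles.
BASELINE = "# restricted operators\nalice Admin=AM+MM\nbob Admin=ALL JBP=ALL\n"
CURRENT = ("alice Admin=ALL JBP=ALL\nbob Admin=ALL JBP=ALL\n"
           "carol Admin=ALL JBP=ALL\n")

if __name__ == "__main__":
    for user, issue in audit(CURRENT, BASELINE):
        print(f"{user}: {issue}")
```

The baseline is the backup copy taken before editing; run the check after any user or group change on the appliance.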
02-28-2018 05:52 PM
Thanks much for your clarified post. :)