NetBackup default user groups

Article:HOWTO46925  |  Created: 2011-03-24  |  Updated: 2011-03-25  |  Article URL http://www.symantec.com/docs/HOWTO46925
Article Type
How To


Environment

Subject


NetBackup default user groups

The users that are granted permissions in each of the default user groups relate directly to the group name. Essentially, an authorization object correlates to a node in the NetBackup Administration Console tree.

The following table describes each NetBackup default user group.

Table: NetBackup default user groups

Default user group

Description

Operator (NBU_Operator)

The main task of the NBU_Operator user group is to monitor jobs. For example, members of the NBU_Operator user group might monitor jobs and notify a NetBackup administrator if there is a problem. Then, the administrator can address the problem. Using the default permissions, a member of the NBU_Operator user group would probably not have enough access to address larger problems.

Members of the NBU_Operator user group have the permissions that allow them to perform tasks such as moving tapes, operating drives, and inventorying robots.

Administrator (NBU_Admin)

Members of the NBU_Admin user group have full permission to access, configure, and operate any NetBackup authorization object. Some exceptions exist for SAN Administrators. In other words, members have all of the capabilities that are currently available to administrators without Access Management in place. However, as members of this group, you do not necessary log on as root or administrator in the OS.

Note:

Members of the NBU_Admin user group cannot see the contents of Access Management, and therefore, cannot ascribe permissions to other user groups.

SAN Administrator (NBU_SAN Admin)

By default, members of the NBU_SAN Admin user group have full permissions to browse, read, operate, and configure disk pools and host properties. These permissions let you configure the SAN environment and NetBackup's interaction with it.

User (NBU_User)

The NBU_User user group is the default NetBackup user group with the fewest permissions. Members of the NBU_User user group can only back up, restore, and archive files on their local host. NBU_User user group members have access to the functionality of the NetBackup client interface (BAR).

Security administrator (NBU_Security Admin)

Usually very few members exist in the NBU_Security Admin user group.

The only permission that the Security Administrator has, by default, is to configure access control within Access Management. Configuring access control includes the following abilities:

  • To see the contents of Access Management in the NetBackup Administration Console

  • To create, modify, and delete users and user groups

  • To assign users to user groups

  • To assign permissions to user groups

Vault operator (Vault_Operator)

The Vault_Operator user group is the default user group that contains permissions to perform the operator actions necessary for the Vault process.

KMS Administrator (NBU_KMS Admin)

By default, members of the NBU_KMS Admin user group have full permissions to browse, read, operate and configure encryption key management properties. These permissions make sure that you can configure the KMS environment and NetBackup's interaction with it.

Additional user groups

The Security Administrator (member of NBU_Security Admin or equivalent) can create user groups as needed. The default user groups can be selected, changed, and saved. Symantec recommends that the groups be copied, renamed, and then saved to retain the default settings for future reference.

See About using NetBackup Access Control (NBAC)

See Individual users.

See User groups.


Legacy ID



v32157322_v54411808


Article URL http://www.symantec.com/docs/HOWTO46925


Terms of use for this information are found in Legal Notices