About using NetBackup Access Control (NBAC)

Article:HOWTO46963  |  Created: 2011-03-24  |  Updated: 2011-03-25  |  Article URL http://www.symantec.com/docs/HOWTO46963
Article Type
How To



NetBackup Access Control (NBAC) is the role-based access control that is used for master servers, media servers, and clients. Use NBAC in situations where you want to:

  • Use a set of permissions for different levels of administrators for an application. A backup application can have operators (who perhaps load and unload tapes), local administrators (who manage the application within one facility), and overall administrators who may have responsibility for multiple sites and determine backup policy. This feature is very useful in preventing user errors: if junior-level administrators are restricted from certain operations, they are prevented from making inadvertent mistakes.

  • Separate administrators so that root permission to the system is not required to administer the system. You can then separate the administrators for the systems themselves from the ones who administer the applications.

Note:

NBAC running on NetBackup 6.5 (AZ version 4.3.19.2) cannot be upgraded to NetBackup 7.1. You must first upgrade to AZ version 6.5.4 (4.3.24.4) for the NBAC upgrade from NetBackup 6.5 to NetBackup 7.1 to succeed.

The following table lists the considerations before you use NBAC.

Table: Considerations before using NBAC

Consideration

Description

Prerequisites before you configure NBAC

Gather the items in this prerequisites list before you start to configure NBAC. Having them ready ensures an easier installation. The installation needs the following information:

  • User name or password for master server (root or administrator permission).

  • Name of master server

  • Name of all media servers that are connected to the master server

  • Name of all clients to be backed up

  • Host name or IP address

    Note:

    Host names should be resolvable to a valid IP address.

  • Use the ping or traceroute command as one of the tools to confirm that you can reach the hosts. These commands confirm that no firewall or other obstruction has been configured that blocks access.
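A pre-flight check for the host-name prerequisite above, as an added example that is not part of the original article or of NetBackup: it resolves every master server, media server and client name and reports the ones that fail. The inventory names, the function names and the rule that loopback, unspecified and link-local answers do not count as valid are assumptions.

```python
import ipaddress
import socket

# Constructed sample inventory; replace with the names from the prerequisites list.
INVENTORY = {
    "master": ["nbu-master.example.com"],
    "media": ["nbu-media1.example.com", "nbu-media2.example.com"],
    "client": ["client-a.example.com", "client-b.example.com"],
}


def system_resolver(name):
    """Return the set of addresses the local resolver gives for a host name."""
    return {info[4][0] for info in socket.getaddrinfo(name, None)}


def check_host(name, resolver=system_resolver):
    """Return (status, usable_addresses) for one host name."""
    try:
        addresses = resolver(name)
    except (OSError, UnicodeError):  # socket.gaierror is an OSError
        return "unresolvable", []
    if not addresses:
        return "unresolvable", []
    usable = []
    for text in addresses:
        ip = ipaddress.ip_address(text.split("%")[0])  # drop any IPv6 zone id
        # Assumption: these answers are not valid for a remote NetBackup host.
        if not (ip.is_loopback or ip.is_unspecified or ip.is_link_local):
            usable.append(str(ip))
    return ("ok" if usable else "unusable-address"), sorted(usable)


def preflight(inventory, resolver=system_resolver):
    """Return {(role, host): status} for every host that fails the check."""
    failures = {}
    for role, hosts in inventory.items():
        for host in hosts:
            status, _ = check_host(host, resolver)
            if status != "ok":
                failures[(role, host)] = status
    return failures


if __name__ == "__main__":
    for (role, host), status in preflight(INVENTORY).items():
        print(f"{role:7} {host}: {status}")
```

A name that passes here can still be unreachable; ping or traceroute, as listed above, covers that part.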

Determine if the master server, media server, or client is to be upgraded

Determine if the master server, media server, or client is to be upgraded as follows:

  • Some features are provided by upgrading master servers, some by media servers, and some from upgrading clients.

  • NetBackup works with a higher revision master server and lower revision clients and media servers.

  • Feature content determines what is deployed.

  • Deployment can be stepwise if required.

Information about roles

Determine the roles in the configuration as follows:

  • Who administers the hosts (root permission on master server equals head administrator).

  • Determine the roles to start with, and then add roles as required.

NBAC license key requirements

No license is required to turn on the access controls.

See About authorization objects and permissions

See About defining a user group and users

See About determining who can access NetBackup

See About including authentication and authorization databases in the NetBackup hot catalog backups

See About NetBackup Access Control (NBAC) configuration

See Access control host properties

See Access control host properties dialog for the client

See Access management troubleshooting guidelines

See Accessing the client host properties

See Accessing the master server and media server host properties

See Adding a new user to the user group

See Assigned Users pane on the Users tab

See Assigning a user to a user group

See Authentication Domain tab

See Authentication Domain tab for the client

See Authorization objects

See Authorization Service tab

See BUAndRest authorization object permissions

See Client verification points for a mixed UNIX master server

See Client verification points for a mixed Windows master server

See Client verification points for Windows

See Configuring NetBackup Access Control (NBAC) for NetBackup pre-7.0 media server and client computers

See Configuring NetBackup Access Control (NBAC) on standalone master servers

See Configuring NetBackup Access Control (NBAC)

See Configuring NetBackup Access Control (NBAC) on a clustered master server

See Configuring NetBackup Access Control (NBAC) on media servers

See Configuring user groups

See Creating a new user group

See Creating a new user group by copying an existing user group

See Defined Users pane on the Users tab

See DevHost authorization object permissions

See DiskPool authorization object permissions

See Drive authorization object permissions

See Establishing a trust relationship between the broker and the Windows remote console

See Fat client authorization object permissions

See Fat server authorization object permissions

See Granting permissions

See HostProperties authorization object permissions

See Individual users

See Installing and configuring NetBackup Access Control (NBAC) on clients

See Installing the NetBackup 7.1 master server highly available on a cluster

See Job authorization object permissions

See Kms group authorization object permissions

See License authorization object permissions

See Logging on as a new user

See Manually configuring the Access Control host properties

See Master server verification points for a mixed UNIX master server

See Master server verification points for a mixed Windows master server

See Master server verification points for Windows

See Media authorization object permissions

See Media server verification points for a mixed UNIX master server

See Media server verification points for a mixed Windows master server

See Media server verification points for Windows

See NBAC configure commands summary

See NBAC configuration overview

See NBU_Catalog authorization object permissions

See NetBackup access management administration

See NetBackup default user groups

See Network Settings tab

See Network Settings tab for the client

See Permissions tab

See Policy authorization object permissions

See Renaming a user group

See Report authorization object permissions

See Robot authorization object permissions

See Security authorization object permissions

See Server group authorization object permissions

See Service authorization object permissions

See StorageUnit authorization object permissions

See Troubleshooting topics for NetBackup Authentication and Authorization

See Unifying NetBackup Management infrastructures with the setuptrust command

See UNIX client verification

See UNIX master server verification

See UNIX media server verification

See Upgrading NetBackup Access Control (NBAC)

See User groups

See Users tab

See Using the Access Management utility

See Using the setuptrust command

See Vault authorization object permissions

See Verification points in a mixed environment with a UNIX master server

See Verification points in a mixed environment with a Windows master server

See Viewing specific user permissions for NetBackup user groups

See Volume group authorization object permissions

See VolumePool authorization object permissions

See Windows verification points


Legacy ID: v32256146_v54411808

