NetBackup™ Web UI Security Administrator's Guide
- Introducing the NetBackup web user interface
- Managing role-based access control
- Steps to create an object group
- Adding AD or LDAP domains
- Security events and audit logs
- Managing hosts
- Managing security certificates
- Managing NetBackup security certificates
- Using external security certificates with NetBackup
- Managing user sessions
- Managing master server security settings
- Creating and using API keys
- Configuring smart card authentication
- Troubleshooting access to the web UI
- Unable to add AD or LDAP domains with the vssat command
Add access for a user through access rules
In the NetBackup web UI, you give a user access to NetBackup through one or more access rules. Access rules are composed of:
A user or a user group. This user or group can be either local or of a domain.
A role, which defines the permissions that a user has.
Role permissions only determine what kinds of actions a user can perform. The object group determines what a user can access in the environment.
An object group, which defines the assets, application servers, or protection plans that a user can view or manage.
When you create an access rule for a user with the role, that user has access to all objects or assets.
Before you can create an access rule, you need to do the following:
To add domain users, you must configure the Active Directory (AD) or LDAP domain with NetBackup.
Use the vssat command to configure the domains in your environment. See Add AD or LDAP domains.
Local users do not require this configuration.
Determine which role you want to give a user.
Determine which assets or application servers that you want a user to have access to and select the appropriate object groups. Or, create the appropriate object groups.
The role permissions that a user has can be further limited by the object groups the user is granted access to. See Steps to create an object group.
To add access for a user
- On the left, click Security > RBAC.
- Click the Access rules tab and click Add.
- Type a domain and a user name. Click + to validate this user.
For this type of user
Use this format
- Select a role that includes the permissions that you want to assign to the user.
- Select an object group that includes the assets that you want the user to have access to.
Note that a user with the Security administrator role has access to all objects or assets. The only available selection for that role is All objects.
- Provide a description for the access rule and click Save.