NetBackup™ Web UI Security Administrator's Guide
- Introducing the NetBackup web user interface
- Managing role-based access control
- Steps to create an object group
- Adding AD or LDAP domains
- Security events and audit logs
- Managing hosts
- Managing security certificates
- Managing NetBackup security certificates
- Using external security certificates with NetBackup
- Managing user sessions
- Managing master server security settings
- Creating and using API keys
- Configuring smart card authentication
- Troubleshooting access to the web UI
- Unable to add AD or LDAP domains with the vssat command
About object groups
An object group defines some combination of assets, application servers, or protection plans. A user's role and object group (which make up the user's access rule) determine the permissions that a user has for the objects in the object group.
To manage or perform recovery of specific assets, a user must have an access rule with those assets. To manage or subscribe assets to certain protection plans, a user must have an access rule with those plans. To manage credentials for specific application servers, a user must have an access rule that includes those servers. Depending on the role a user has, the user can perform the following tasks.
A security administrator has permissions for all objects in all object groups. A user with this role can:
View all assets.
View all application servers.
View all protection plans.
A backup administrator can manage:
Protection plans that are included in the object group.
Which plans the assets in the object group are subscribed to.
Jobs for the assets that are included in the object group.
The credentials for application servers in the object group.
A workload administrator can:
View protection plans that are included in the object group.
Manage which plans the assets in the object group are subscribed to.
Perform recovery of assets in the object group.
Object groups can also limit what the user can create. For example, assume that a backup administrator has only one access rule that gives access to the protection plans that contain the word "finance". Therefore that user can only create the protection plans that contain the word "finance".