RBAC Configuration Changes in NetBackup 8.3 (and later)

RBAC Configuration Changes in NetBackup 8.3 (and later)

Article: 100047577
Last Published: 2020-06-08
Ratings: 1 1
Product(s): Appliances, NetBackup

Problem

NetBackup 8.3 introduces a new implementation of role-based access control. Any existing role-based access control configuration is immediately defunct. Administrator users (OS administrators, enhanced auditing administrators, appliance NBCLI users) will continue to have administrator level access to the system. However, all other user access will need to be reconfigured upon upgrade. 

Error Message

While there are no error messages, there will be prompts during the installation/upgrade process that will reference this technical article and require user interaction to confirm acknowledgement before proceeding with the upgrade. Any NetBackup master server that is being upgraded from 8.1.2 (or higher) to NB 8.3 (or higher) will run this check.  

Cause

Access rules are the entry point for access in RBAC API gen1. If there are access rules beyond the one that grants access to admin users (OS admins, enhanced auditing users, appliance NBCLI users), then there is some level of access control defined in the system being upgraded. The presence of any configured access rules means that some user(s) have non-admin access to the system that will be removed upon upgrade. 

Solution

After the upgrade to NetBackup 8.3 is complete, a user may use the RBAC user migration tool available in the NetBackup 8.3 installation's goodies directory (Ex: /usr/openv/NetBackup/bin/goodies/rbac_user_migration) to optionally reconfigure some of the existing RBAC configuration to the new model in NetBackup 8.3. 

A Perl script version of this tool may be obtained from https://sort.veritas.com/public/netbackup/rbac/rbac_user_migration.pl

Note: Only the current Backup Administrator and Security Administrator roles are convertible. In addition, note that the new Administrator role has all access to everything, which is different from the previous Backup Administrator role.  

The options available will be  

  1. To move backup admins to the Administrator role and  
  2. Create a Security Administrator role and re-add those users previously members of the NetBackup 8.2 (or below) Security Administrator role. 

Note: For option 2, note that the Administrator role has all permissions, including those of the previous Security Administrator role.

 

For additional information about RBAC changes, please see technical article 100047660.

References

JIRA : NBU-93537

Was this content helpful?