NetBackup™ Web UI Security Administrator's Guide
- Introducing the NetBackup web user interface
- Managing role-based access control
- Steps to create an object group
- Adding AD or LDAP domains
- Security events and audit logs
- Managing hosts
- Managing security certificates
- Managing NetBackup security certificates
- Using external security certificates with NetBackup
- Managing user sessions
- Managing master server security settings
- Creating and using API keys
- Configuring smart card authentication
- Troubleshooting access to the web UI
- Unable to add AD or LDAP domains with the vssat command
About role-based access control (RBAC) in NetBackup
The NetBackup web user interface provides the ability to apply role-based access control in your NetBackup environment. Use RBAC to provide access for the users that do not currently have access to NetBackup. Or, for current NetBackup users with administrator access you can provide limited access and permissions, based on their role in your organization.
For information on access control methods for the NetBackup Administration Console and access control and auditing information for root users and administrators, refer to the NetBackup Security and Encryption Guide.
Table: RBAC features
Predefined roles or custom roles allow users to perform specific tasks
Predefined roles in RBAC allow users to perform common tasks for a system administrator, backup administrator, or workload administrator. Or, create custom roles to fit the role of your users.
Root users and administrators still have full permissions in all NetBackup interfaces and in the APIs.
Users can access NetBackup areas and features that fit their role
RBAC users can perform common tasks for their business role, but are restricted from accessing other NetBackup areas and features. RBAC also controls the assets that users can view or manage.
Auditing of RBAC events
NetBackup audits successful RBAC events.
RBAC settings are protected with the NetBackup catalog.
Enhanced Auditing or authorization (auth.conf) configurations still available for older interfaces
Enhanced Auditing is supported across all interfaces. You can continue to use the authorization (auth.conf) configurations with the NetBackup Administration Console and the CLIs. With these older interfaces you can manage access to workflows that are not yet supported in the NetBackup web UI and NetBackup APIs.
Note that the auth.conf file does not restrict access to the NetBackup web UI or the NetBackup APIs. You cannot use the web UI if you have NetBackup Access Control (NBAC) enabled.