timmy90210
MIS
How would you lock down the policy's but still alow operators to update the roboot and view the activity monitor. I am using Datacenter 4.5 MP3 on a windows 2000 master/media.
Thanks!
Tim
Thanks!
Tim
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Security help!
- Thread starter timmy90210
- Start date
- Status
Since no one replied I hope you don't mind me offering the following. Check out the archive on the following site. A lot of people have asked how to narrow down access relating to the GUI. I just don't remember the answer! 
Hope it helps.
Hope it helps.
Sorry this is so late, but we are just starting to implement and We are running into the same configuration issues. Here is what we have done that has worked:
Step 1. Create an auth.conf file in /usr/openv/java on all media servers and the master server where you want to set up access. The auth.conf file should contain the following:
<user name> ADMIN=AM+MM JBP=ENDUSER
You can play with these options, there are many you can set. See the admin guide page 385 for a list of all the options. The user name must have an account on the system and they must be in a group in the /etc/group file (doesn't matter which one)
AM is the Activity monitor and MM is media management in the above case.
Step 2. Run the command /usr/openv/netbackup/bin/nonroot_admin, choose option 1, then enter the name of the group your user is listed in. We set up a special netbackup group that contained all of our users.
Step 3. The user should log into the gui using the specified user name and their system password to see the limited access. One word of note, we have found that if they log in to the master server they see the activity for all systems with the activity monitor, but only what is local when they log into a media server.
Hope this helps
Step 1. Create an auth.conf file in /usr/openv/java on all media servers and the master server where you want to set up access. The auth.conf file should contain the following:
<user name> ADMIN=AM+MM JBP=ENDUSER
You can play with these options, there are many you can set. See the admin guide page 385 for a list of all the options. The user name must have an account on the system and they must be in a group in the /etc/group file (doesn't matter which one)
AM is the Activity monitor and MM is media management in the above case.
Step 2. Run the command /usr/openv/netbackup/bin/nonroot_admin, choose option 1, then enter the name of the group your user is listed in. We set up a special netbackup group that contained all of our users.
Step 3. The user should log into the gui using the specified user name and their system password to see the limited access. One word of note, we have found that if they log in to the master server they see the activity for all systems with the activity monitor, but only what is local when they log into a media server.
Hope this helps
- Thread starter
- #4
timmy90210
MIS
Does that work for W2k? I don't think they have the java working for w2k unless fp3 fixed it.
Tim
Tim
We are still struggling with this issue. We can limit what they see now, but we still can't seem to limit users from doing restores. Our setup:
All of our current systems are HP Media servers (we are early in our implementation and these systems mount BCV's from other systems than back them up as SAN Media servers locally)
Host Properties for each of these systems is set to "List only"
bp.conf on Master and Media servers is set to DISALLOW CLIENT RESTORE
auth.conf is set to allow backups and restores
With all these parameters, our expectation is that the user won't be able to run a restore until the host properties has changed. Veritas support has been unable to provide any help. Any ideas would be appreciated. We have had them use both jnbSA and jbpSA gui and neither seem to make a difference.
Renee
All of our current systems are HP Media servers (we are early in our implementation and these systems mount BCV's from other systems than back them up as SAN Media servers locally)
Host Properties for each of these systems is set to "List only"
bp.conf on Master and Media servers is set to DISALLOW CLIENT RESTORE
auth.conf is set to allow backups and restores
With all these parameters, our expectation is that the user won't be able to run a restore until the host properties has changed. Veritas support has been unable to provide any help. Any ideas would be appreciated. We have had them use both jnbSA and jbpSA gui and neither seem to make a difference.
Renee
- Status
Similar threads