Authorizing NetBackup-Java users

NetBackup offers access control through the Access Management utility in the NetBackup Administration Console.

Instructions on how to install the necessary components to use Access Management are available in the NetBackup Security and Encryption Guide.

If NetBackup Access Control is not configured, you may still authorize users of the NetBackup-Java administration console for specific applications. NetBackup Access Control always takes precedence over the capabilities authorization of NetBackup-Java.

If a user is not an authorized administrator by NetBackup Access Control, the actions that the user can perform in the Backup, Archive, and Restore application are limited. The user can perform the actions that are defined in the auth.conf file on the host that is specified in the NetBackup-Java logon dialog box. NetBackup-Java users must log on to the NetBackup-Java application server that is on the NetBackup host where they want to perform administrator or user operations.

The /usr/openv/java/auth.conf file contains the authorization data for accessing NetBackup-Java applications. This file exists only on NetBackup-Java capable machines where the NetBackup-Java interface software is installed.

The default auth.conf file provides the following authorizations:

On NetBackup servers

Administration capabilities for the root user and user backup and restore capabilities for all other users.

On NetBackup clients

User backup and restore capabilities for all users.

On all other UNIX NetBackup systems, the file does not exist but the NetBackup-Java application server provides the same default authorization. To change these defaults on other UNIX systems, create the /usr/openv/java/auth.conf file.

To perform remote administration or user operations with jbpSA, a user must have valid accounts on the NetBackup UNIX server or client machine.

Nonroot or non-administrator users can be authorized to administer Windows NetBackup servers remotely from the NetBackup-Java Console. Do so by setting up authorization in the auth.conf file on the Windows server.

The auth.conf file must contain entries for the UNIX user names that are used in the logon dialog box of the NetBackup-Java Console. The auth.conf file must reside in install_path\VERITAS\java on each Windows server you want to provide nonroot administration capability. Without an auth.conf file, the user has the same privileges on the remote server as on the server that is specified in the logon screen. User privileges are the same if auth.conf does not contain an entry for the user name even though host authorization between the two is configured. (SERVER entries in the configuration of each.)