Veritas NetBackup™ Upgrade Guide
- Introduction
- Planning for an upgrade
- General upgrade planning information
- About upgrade tools
- Upgrade operational notes and limitations
- Master server upgrade
- Media server upgrade
- MSDP upgrade for NetBackup
- Client upgrade
- NetBackup Deployment Management with VxUpdate
- Appendix A. Reference
About RBAC bootstrapping
RBAC Bootstrapping lets you assign role-based access control (RBAC) permissions to a user or a user group during NetBackup installation or upgrade on UNIX platforms. The UNIX installer uses the bpnbaz -AddRBACPrincipal command to grant both security administrator and backup administrator permissions to the user or the user group that you specify in the /tmp/NBInstallAnswer.conf
file.
Note:
RBAC bootstrapping provides access to all objects for the specified user or user group, even if previously the user or the user group had restricted access to certain objects. For example, the existing user Tester1 was assigned the backup administrator role with access to only some object groups. If Tester 1 is specified for RBAC bootstrapping, Tester1 is assigned both the backup administrator and the security administrator roles with access to all objects.
After installation or upgrade, you can run the bpnbaz -AddRBACPrincipal command standalone on both Windows and UNIX platforms to assign RBAC permissions. The command is available only on the master server. For more information about this command, see the NetBackup Command Reference Guide.
Use the answer file template NBInstallAnswer-master.template
available in the install package to create the /tmp/NBInstallAnswer.conf
file. In that file, add the following entries before you run the installation or upgrade:
RBAC_DOMAIN_TYPE = domain_type
RBAC_DOMAIN_NAME = domain_name
RBAC_PRINCIPAL_TYPE = USER | USERGROUP
RBAC_PRINCIPAL_NAME = principal_name
Be aware that RBAC_DOMAIN_TYPE supports the values shown: NT, VX, UNIXPWD, LDAP.
Note:
Additional information about the RBAC_* options is available.
RBAC bootstrapping is not performed if all the entries are empty or missing. In this case, the message Answer file did not contain any RBAC entries is posted in the install trace file. The install process always continues whether the RBAC bootstrapping is successful or not. The audit records are created under the SEC_CONFIG category.
If RBAC bootstrapping is successful, the installer displays the following message:
Successfully configured the RBAC permissions for principal_name.
The installer also displays this message if the user or the user group already exists with the security administrator and the backup administrator RBAC roles.
If one or more RBAC entries exist in the answer file, but a required answer file entry is missing, the installer displays the following message:
Warning: Unable to configure the RBAC permissions. One or more required fields are missing in /tmp/NBInstallAnswer.conf.
If there are other issues with the RBAC Bootstrapping, the installer displays the following message:
Warning: Failed to configure the RBAC permissions for principal_name. Refer to logs in /usr/openv/netbackup/logs/admin for more information.
If RBAC bootstrapping is successful but auditing fails, the install displays the following message:
Successfully configured the RBAC permissions for user_or_usergroup_name. WARNING: Auditing of this operation failed. Refer to logs in /usr/openv/netbackup/logs/admin for more information.
After the installation or upgrade completes, the specified user or user group is assigned both the security administrator and the backup administrator roles with their corresponding RBAC access permissions. The user can then access APIs and the Web UI.