NetBackup™ Web UI Security Administrator's Guide
Add an object group
Object groups define the assets, application servers, or protection plans that users can view or manage. You can create an object group that grants access to specific workloads or objects. For example, you can grant access to all objects in the VMware workload or to specific VMware servers. Or, you can grant access to all assets, application servers, or protection plans. For example, a backup administrator who has access to all protection plans can manage any protection plan in NetBackup.
To manage or perform recovery of assets or application servers, a user must have one or more access rules with an object group that includes those objects. To manage or subscribe assets to certain protection plans, a user must have one or more access rules with an object group that includes those plans.
Note:
Object groups can also limit what the user can create. For example, assume that a backup administrator has only one access rule, and that rule gives access to protection plans that contain the word "finance". That user can then create only protection plans that contain the word "finance".
To add an object group
- On the left, click Security > RBAC.
- Click the Object groups tab and click Add.
- Provide the name and description for the object group.
You may want to include any keywords that describe the type of assets in the group or the region the assets reside in.
- Select any assets that you want to add to this object group.
You can define the assets for this object group in the following ways:
All assets in a specific workload
A specific VMware server and all its VMs
A specific VMware server and selected VMs for that server
Turn on Grant access to all to include all available assets
See Selecting the assets for an object group.
Users granted access to these assets can view or manage these assets, according to the role that they are assigned.
- Select any application servers that you want to add to this object group.
You can define the application servers for this object group in the following ways:
All application servers, in a specific workload
Specific application servers
Turn on Grant access to all to include all available application servers
See Selecting the application servers for an object group.
Users granted access to these application servers can view or manage them, according to the role that they are assigned.
- Select the protection plans that you want to add to this object group.
You can define the protection plans for this object group in the following ways:
Specific protection plans
Turn on Grant access to all to include all protection plans
See Selecting the protection plans for an object group.
Users granted access to these protection plans can view or manage these plans, according to the role that they are assigned. Users with "view" permissions can also subscribe assets to the protection plans in the object group.
- Click Save.
You can preview the assets that are included in an object group. See Preview the assets, application servers, or protection plans that are in an object group.
To include all assets in a specific workload
- Click Add workload, then select the workload type that you want to include.
For example, select VMware to include all VMware assets.
To include a specific VMware server and all its VMs
- Under Assets, click Add workload, then select the workload type that you want to include.
For example, select VMware to include all VMware assets.
- Click Add VMware server.
- Select the name of the vCenter that you want to include. Or, click on the vCenter name to browse for a server, cluster, or datacenter.
- Click Save.
To include a specific VMware server and selected VMs for that server
- Under Assets, click Add workload, then select the workload type that you want to include.
For example, select VMware to include all VMware assets.
- Click Add VMware server.
- Select the name of the vCenter that you want to include. Or, click on the vCenter name to browse for a server, cluster, or datacenter.
- Click Save.
- Turn off Include all VMs in this server.
- Define one or more conditions. Conditions are case-sensitive.
For multiple conditions, select the operator (AND or OR).
In the following example, the object group includes assets in the VMware workload, from the cluster servercl02 on the VMware server abc.domain.com and with a display name that starts with accounting.
You can preview the assets that are included in an object group. See Preview the assets, application servers, or protection plans that are in an object group.
To include all application servers, in a specific workload
- Under Application servers, click Add workload, then select the workload type that you want to include.
For example, select VMware to include all VMware application servers.
To include specific application servers, in a specific workload
- Under Application servers, click Add workload, then select the workload type that you want to include.
For example, select VMware to include all VMware application servers.
- Add one or more conditions. Conditions are case-sensitive.
For multiple conditions, select the operator (AND or OR).
In the following example, the object group includes application servers from the VMware workload with a server name that starts with HR or with a name that contains Marketing.
You can preview the assets that are included in an object group. See Preview the assets, application servers, or protection plans that are in an object group.
To include specific protection plans
- Under Protection plans, click Add condition.
- Select the attributes for the condition. Conditions are case-sensitive.
For multiple conditions, select the operator (AND or OR).
In the following example, the object group includes protection plans with a name that contains finance.
You can preview the objects that are included in an object group. Note that an object group changes dynamically as objects are added and removed from the NetBackup environment. When backups run, the object group updates at run-time to reflect the objects available at the time of backup.
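The three condition examples above (VMware assets, application servers, protection plans), modeled offline as an added example; this is not NetBackup code or its API. The attribute keys, the "equals" operator, and the inventory are constructed assumptions. It also reports objects that a case-sensitive condition leaves out only because of letter case, which is worth checking before you rely on a group for access control.

```python
# Offline model of object group conditions; this is not the NetBackup API.
# Attribute keys ("name", "cluster", "server") and "equals" are assumptions.
OPS = {
    "starts_with": lambda value, arg: value.startswith(arg),
    "contains": lambda value, arg: arg in value,
    "equals": lambda value, arg: value == arg,
}

def matches(obj, conditions, operator="AND", fold_case=False):
    """True if obj meets the conditions joined by AND or OR (case-sensitive by default)."""
    if operator not in ("AND", "OR"):
        raise ValueError("operator must be AND or OR")
    if not conditions:  # assumption: no conditions selects nothing in this model
        return False
    norm = str.lower if fold_case else str
    hits = [OPS[op](norm(obj.get(attr, "")), norm(arg)) for attr, op, arg in conditions]
    return all(hits) if operator == "AND" else any(hits)

def preview(inventory, conditions, operator="AND"):
    """Names of the objects the group would include right now."""
    return sorted(o["name"] for o in inventory if matches(o, conditions, operator))

def case_near_misses(inventory, conditions, operator="AND"):
    """Names excluded only because of letter case; review these before saving."""
    return sorted(o["name"] for o in inventory
                  if matches(o, conditions, operator, fold_case=True)
                  and not matches(o, conditions, operator))

# Constructed sample inventory (VM display names are stored under "name").
VMS = [
    {"name": "accounting-db01", "cluster": "servercl02", "server": "abc.domain.com"},
    {"name": "Accounting-web01", "cluster": "servercl02", "server": "abc.domain.com"},
    {"name": "accounting-db02", "cluster": "servercl03", "server": "abc.domain.com"},
    {"name": "hr-app01", "cluster": "servercl02", "server": "abc.domain.com"},
]
APP_SERVERS = [{"name": n} for n in ("HR-vc01", "emea-Marketing-vc", "hr-vc02", "sales-vc")]

# The three example groups described on the page.
ACCOUNTING_VMS = [("server", "equals", "abc.domain.com"),
                  ("cluster", "equals", "servercl02"),
                  ("name", "starts_with", "accounting")]
HR_OR_MARKETING = [("name", "starts_with", "HR"), ("name", "contains", "Marketing")]
FINANCE_PLANS = [("name", "contains", "finance")]

if __name__ == "__main__":
    print(preview(VMS, ACCOUNTING_VMS))
    print(case_near_misses(VMS, ACCOUNTING_VMS))
    print(preview(APP_SERVERS, HR_OR_MARKETING, "OR"))
```

Because membership is evaluated against the current inventory, calling preview again after the inventory changes returns the updated set, which mirrors the dynamic behavior described above.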
To preview the assets, application servers, or protection plans that are in an object group
- On the left, click Security > RBAC.
- Click the Object groups tab and the object group that you want to edit.
- To the right of Assets, Application Servers, or Protection Plans, click Preview.
- NetBackup displays a real-time view of the objects that meet the criteria that you configured. You can sort or search the objects in the preview. Note that searches are case-sensitive.
- When you are finished with the preview, at the top right, click the Close icon.