Previous  |  Next >  
Product: NetBackup System Administrator's Help  

Restricting Access on Windows

To restrict access to one or more of the NetBackup-Java applications, create the following file on the Windows system:

nbjava_install_path\java\auth.conf

Add an entry in auth.conf for every user that will be granted access to the NetBackup-Java applications. The existence of this file, along with the entries it contains, prohibits unlisted users from accessing NetBackup-Java applications on the Windows system. The following is a sample auth.conf file on a Windows system:


   mydomain\Administrator ADMIN=ALL JBP=ALL
   mydomain\joe ADMIN=ALL JBP=ALL
   * ADMIN=JBP JBP=ENDUSER+BU+ARC

The auth.conf file possesses the following characteristics:

  • The first field of each entry is the user name that is granted access to the rights specified by that entry. An asterisk in the first field indicates that any user name is accepted and the user is allowed to use the applications as specified. If the auth.conf file exists, it must have an entry for each user or an entry containing an asterisk (*) in the username field; users without entries cannot access any NetBackup-Java applications.
    • Note   Note    The asterisk specification cannot be used to authorize all users for any administrator capabilities. Each user must be authorized via individual entries in the auth.conf file.
    As in the example, any entries that designate specific user names must precede a line that contains an asterisk in the username field.
  • The remaining fields specify the access rights.
    • The ADMIN keyword specifies the applications that the user can access. ADMIN=ALL allows access to all NetBackup-Java applications and administrator-related capabilities. To restrict use to specific applications, see Authorizing Users for Specific Applications.
    • The JBP keyword specifies what the user can do with the Backup, Archive, and Restore application. JBP=ALL allows access to all Backup, Archive, and Restore capabilities, including those for administration. To allow only a subset of those capabilities, see Authorizing Users for Specific Applications.
    • An asterisk in the first field indicates that any user name is accepted and the user is allowed to use the applications as specified. The third line of this example has an asterisk in the first field, which means that NetBackup-Java validates any user name for access to Backup, Archive, and Restore.
    • JBP=ENDUSER+BU+ARC allows end users to only back up, archive and restore files.
      • In the example above, only a user logged in as mydomain\Administrator or mydomain\joe could administer NetBackup. All other users would have access to only Backup, Archive, and Restore.
      Note   Note    To use the NetBackup-Java administrator application on Windows (that is, any application except Backup, Archive, and Restore), a user must also be a member of the administrator group in the host computer's domain.
 ^ Return to Top Previous  |  Next >  
Product: NetBackup System Administrator's Help  
VERITAS Software Corporation
www.veritas.com