Capabilities Authorization for jbpSA
Capabilities authorization in the Backup, Archive, and Restore interface enables the parts of the user interface that let a user perform particular tasks. Not all tasks can be performed successfully without some additional configuration. The following require additional configuration and are documented elsewhere:
- Redirected restores.
- User backups or archives. These require a policy schedule of these types, and the task must be submitted within the time window of the schedule.
To authorize users for a subset of Backup, Archive, and Restore capabilities, use the following identifiers for the JBP keyword in the auth.conf file:
- ENDUSER - authorized for restore capabilities only: restores from true image, archive, or regular backups, plus redirected restores
- BU - allowed to perform backup tasks
- ARC - allowed to perform archive tasks (BU capability required for this)
- RAWPART - allowed to perform raw partition restores
- ALL - allowed for all of the above including restoring to a different client from the one you are logging into (that is, server-directed restores). This normally requires execution from the root account or an account set up for nonroot administration.
In addition, when authorized for ALL, the user can view a list of media IDs required for the files marked for restore through the Preview Media Required button at the bottom of the Restore Files tab in jbpSA.
The following example entry allows a user named bill to restore but not back up or archive files:
bill ADMIN=JBP JBP=ENDUSER
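The following added example (not part of the original documentation or of the product) reviews JBP grants for least privilege: it flags ARC granted without BU, and lists accounts holding ALL or RAWPART. It assumes one entry per line in the form shown above and that multiple identifiers are joined with "+"; the function names and every sample line except the one for bill are constructed for illustration.

```python
"""Audit JBP capability grants in auth.conf-style entries (added example)."""

# Identifiers as listed on this page; ALL covers every other one.
JBP_IDS = {"ENDUSER", "BU", "ARC", "RAWPART", "ALL"}

def parse_entry(line):
    """Return (user, {keyword: set(values)}), or None for a blank line."""
    line = line.strip()
    if not line:
        return None
    user, *fields = line.split()
    grants = {}
    for field in fields:
        key, _, value = field.partition("=")
        # Assumption: several identifiers are joined with '+'.
        grants[key.upper()] = {v.upper() for v in value.split("+") if v}
    return user, grants

def audit(text):
    """Return a list of (user, finding) tuples for the JBP keyword."""
    findings = []
    for raw in text.splitlines():
        entry = parse_entry(raw)
        if entry is None:
            continue
        user, grants = entry
        jbp = grants.get("JBP", set())
        for unknown in sorted(jbp - JBP_IDS):
            findings.append((user, f"unknown JBP identifier {unknown}"))
        # The page states that ARC needs the BU capability as well.
        if "ARC" in jbp and not jbp & {"BU", "ALL"}:
            findings.append((user, "ARC granted without BU"))
        if "ALL" in jbp:
            findings.append((user, "ALL: includes server-directed restores"))
        elif "RAWPART" in jbp:
            findings.append((user, "RAWPART: raw partition restores"))
    return findings

# Constructed sample; only the 'bill' line comes from the page.
SAMPLE = """\
bill ADMIN=JBP JBP=ENDUSER
ann ADMIN=JBP JBP=ENDUSER+ARC
ops ADMIN=JBP JBP=ALL
dba ADMIN=JBP JBP=ENDUSER+RAWPART
"""

if __name__ == "__main__":
    for user, finding in audit(SAMPLE):
        print(f"{user}: {finding}")
```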