nsr_usergroup(5)
nsr_usergroup(5)
NAME
nsr_usergroup - NetWorker resource type 'NSR usergroup'
SYNOPSIS
type: NSR usergroup
DESCRIPTION
Each NSR user group is described by a single resource of type NSR user-
group (see nsr_resource(5)). To edit the NSR usergroup resources for a
NetWorker server, type:
nsradmin -c "type:NSR usergroup"
or use NetWorker Management Console. See the nsradmin(8) manual page
for more information on using the NetWorker administration program.
This resource describes groups of NetWorker users and their privileges.
ATTRIBUTES
The following attributes are defined for resource type nsr_usergroup.
The information in parentheses describes how the attribute values are
accessed. Read-only indicates that the value cannot be changed by an
administrator. Read/write means the value can be set as well as read.
Choice means that the value of the attribute can only be one from a
list specific to that attribute. For example, privileges can be 'Backup
local data', or 'Operate NetWorker'. Several additional attributes
(for example, name) are common to all resources, and are described in
nsr_resource(5).
comment (read/write)
This attribute is provided for the administrator to keep any
explanatory remarks or supplementary information about the user
group.
users (read/write, list of strings)
This attribute specifies the list of users that are members of
the user group. Each line specifies a user or a group of users,
using one of these formats: user/host@domain , group/host@domain
, user@host , user@domain , group@host , group@domain , &net-
group (only available on platforms that support netgroups) ,
user_attribute=value[, ...].
where user is a user name; host is a host name; group is a user
group name; domain is a domain name; user_attribute can be user,
group, host, nwinstname, nwinstancename, domain, or domaintype
(type of the domain, NIS or WINDOMAIN).
The user attributes: nwinstname and nwinstancename are used to
indicate a NetWorker instance name. The value that should be
entered for either of these attributes is the value in the
"name" field in the NSRLA resource for the machine where a
matched user is connecting from.
value can be any string delimited by white space. If the value
has space in it, then it can be quoted with double quotes. The
value may contain wild cards, "*". Entering just a user name
allows that user to administer NetWorker from any host (equiva-
lent to user@* or */user or user=user). Netgroup names are
always preceded by an "&".
The format: user_attribute=value[, ...] is more secure because
the format is not overloaded. For example, if test@test.acme.com
is entered, then any users in the test group or users named test
and that are in the domain; test.acme.com or from the host;
test.acme.com will match this entry.
privileges (read/write, choice, null ok)
This attribute specifies the privileges members of this user
group have. This attribute may have zero or more of the follow-
ing privileges: Change Security Settings, Remote Access All
Clients, Configure NetWorker, Monitor NetWorker, Operate
NetWorker, Operate Devices and Jukeboxes, Backup Local Data,
Recover Local Data
Change Security Settings grants the permission to change secu-
rity settings such as updating a NSR usergroups resource or
changing remote access attribute in the NSR client resource.
Remote Access All Clients grants the permission to access other
clients data.
Configure NetWorker grants the permission to configure Net-
Worker, such as creating new clients or devices.
Operate NetWorker grants the permission to perform maintenance
operations on NetWorker, such as managing volumes or controlling
savegroups.
Monitor NetWorker grants the permission to monitor the activi-
ties and status of NetWorker.
Operate Devices and Jukeboxes grants the permission to operate
devices and jukeboxes, such as mounting, unmounting, and label-
ing of volumes.
Backup Local Data grants the permission to backup local data to
NetWorker.
Recover Local Data grants the permission to recover local data
from NetWorker.
This attribute can be any combination of the privileges
described above. The only exception is some privileges require
other privileges. For example, Change Security Settings privi-
lege requires Configure NetWorker privilege, Configure NetWorker
privilege must be set if Change Security Settings is set.
EXAMPLES
The usergroup resource named Users is shown below. (Hidden options are
not shown.) This is the default setup with the exception of the com-
ment field. Users on any machine in any domain are members of this
user group. Members in this group have the privilege to Recover local
data, Backup local data, and Monitor NetWorker.
type: NSR usergroup;
name: Users;
comments: Users can backup/recover data and monitor NetWorker;
users: *@*;
privileges: Monitor NetWorker,
Recover local data,
Backup local data;
Another example of how to setup the usergroup resource named Users is
shown below. Any users logged in to the domain engineering.acme.com
are members of this user group. Members in this group has the privilege
to Backup local data.
type: NSR usergroup;
name: Users;
comments: Members of this group can backup data to NetWorker;
users: domain=engineering.acme.com;
privileges: Backup local data;
SEE ALSO
nsradmin(8), nsr(8)
NetWorker 8.0.1 Dec 02, 12 nsr_usergroup(5)