Problem
NetBackup 8.3 introduces a new implementation of role-based access control. Any existing role-based access control configuration is immediately defunct. Administrator users (OS administrators, enhanced auditing administrators, appliance NBCLI users) will continue to have administrator level access to the system. However, all other user access will need to be reconfigured upon upgrade.
Error Message
While there are no error messages, there will be prompts during the installation/upgrade process that will reference this technical article and require user interaction to confirm acknowledgement before proceeding with the upgrade. Any NetBackup master server that is being upgraded from 8.1.2 (or higher) to NB 8.3 (or higher) will run this check.
Cause
Access rules are the entry point for access in RBAC API gen1. If there are access rules beyond the one that grants access to admin users (OS admins, enhanced auditing users, appliance NBCLI users), then there is some level of access control defined in the system being upgraded. The presence of any configured access rules means that some user(s) have non-admin access to the system that will be removed upon upgrade.
Solution
After the upgrade to NetBackup 8.3 is complete, a user may use the RBAC user migration tool available in the NetBackup 8.3 installation's goodies directory (Ex: /usr/openv/NetBackup/bin/goodies/rbac_user_migration) to optionally reconfigure some of the existing RBAC configuration to the new model in NetBackup 8.3.
A Perl script version of this tool may be obtained from https://sort.veritas.com/public/netbackup/rbac/rbac_user_migration.pl
Note: Only the current Backup Administrator and Security Administrator roles are convertible. In addition, note that the new Administrator role has all access to everything, which is different from the previous Backup Administrator role.
The options available will be
- To move backup admins to the Administrator role and
- Create a Security Administrator role and re-add those users previously members of the NetBackup 8.2 (or below) Security Administrator role.
Note: For option 2, note that the Administrator role has all permissions, including those of the previous Security Administrator role.
For additional information about RBAC changes, please see technical article 100047660.
References
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.