Migrate from Enhanced Auditing (EA) to NetBackup Role-Based Access Control (RBAC)

Article: 100058310
Last Published: 2023-09-26
Product(s): NetBackup & Alta Data Protection

Description

The Enhanced Auditing (EA) feature was introduced in NetBackup 7.7 to enhance NetBackup audit trails so that they correctly capture user activity details for various NetBackup entities. It also offers a NetBackup Administrator role with which a non-root user can manage all aspects of NetBackup. The Enhanced Auditing authorization model is not supported starting with NetBackup 10.3. The EA functionality is available with the NetBackup Role-Based Access Control (RBAC) feature. This document helps you migrate from EA to RBAC.


Disabling EA

EA is considered enabled if USE_AUTHENTICATION = ON and USE_VXSS = PROHIBITED are set in the NetBackup configuration file.

Note - EA must be disabled before you upgrade NetBackup to 10.3 or later.

To disable EA, run the 'bpnbaz -DisableExAudit' command on the primary server and restart the NetBackup services.

  • bpnbaz -DisableExAudit

On UNIX systems, the directory path to this command is: /usr/openv/netbackup/bin/admincmd

On Windows systems, the directory path to this command is: install_path\NetBackup\bin\admincmd

The NetBackup media server and clients fetch the EA configuration settings from the primary server every hour. At the time of upgrade, if EA is still enabled on the media server or client, you can refresh the EA settings as follows:

  1. Run the 'bpclntcmd -refresh_use_at' command, or manually disable EA by setting USE_AUTHENTICATION = OFF using the nbsetconfig command.
  2. Restart NetBackup services on that host.

On UNIX systems, the directory path to these commands is: /usr/openv/netbackup/bin/

On Windows systems, the directory path to these commands is: install_path\NetBackup\bin\
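
As an added example (not part of the original article and not Veritas tooling), the following shell functions check a configuration file for the EA condition described above before an upgrade. The function names, the file path argument and the parsing rules (lines starting with # are comments, the last occurrence of a key wins, matching is case-insensitive) are assumptions.

```shell
#!/bin/sh
# Added example: pre-upgrade gate for the EA condition stated in this article
# (USE_AUTHENTICATION = ON and USE_VXSS = PROHIBITED).

# conf_value FILE KEY: print the upper-cased value of "KEY = VALUE" in FILE.
# Assumptions: lines starting with "#" are comments, the last occurrence
# of a key wins, and keys and values compare case-insensitively.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            pos = index($0, "=")
            if (pos == 0) next
            k = substr($0, 1, pos - 1)
            v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (toupper(k) == toupper(key)) val = toupper(v)
        }
        END { print val }
    ' "$1"
}

# ea_enabled FILE: exit status 0 if both EA settings are present in FILE.
ea_enabled() {
    [ "$(conf_value "$1" USE_AUTHENTICATION)" = "ON" ] &&
        [ "$(conf_value "$1" USE_VXSS)" = "PROHIBITED" ]
}

# upgrade_gate FILE: print a verdict; return 1 if the upgrade must wait.
upgrade_gate() {
    if ea_enabled "$1"; then
        echo "BLOCK: EA is enabled in $1; disable it before upgrading to 10.3 or later"
        return 1
    fi
    echo "OK: EA is not enabled in $1"
}

# Demo on a constructed configuration file (not taken from a real host).
demo() {
    f=$(mktemp)
    printf '%s\n' 'USE_VXSS = PROHIBITED' 'USE_AUTHENTICATION = ON' > "$f"
    upgrade_gate "$f"; rc=$?
    rm -f "$f"
    return "$rc"
}
demo || true
```

Run upgrade_gate against the NetBackup configuration file on the primary server, and on any media server or client that may not yet have refreshed its EA settings.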


Migrating EA user to RBAC role

EA provides a NetBackup Administrator role with which a non-root user can manage all aspects of NetBackup. Starting from NetBackup 10.3, to allow such EA admin users to perform NetBackup operations, you need to migrate them to NetBackup RBAC roles. You can view the existing EA admin users using the 'bpnbaz -ListUsers' command.

  • bpnbaz -ListUsers

On UNIX systems, the directory path to this command is: /usr/openv/netbackup/bin/admincmd

On Windows systems, the directory path to this command is: install_path\NetBackup\bin\admincmd

Note - The migration of EA users to RBAC can be performed after the NetBackup upgrade. You can view the EA admin users using the 'bpnbaz -ListUsers' command even after the upgrade.

With RBAC, granular permissions can be granted to a user or a user group. You can define a custom RBAC role or use the default roles as required to manage NetBackup. You can evaluate and provide limited access and permissions, based on the user's role in your organization.

  • Because an EA user is allowed to perform all operations in NetBackup, the same level of access and permissions can be granted by adding the EA user to the 'Default NetBackup Administrator' role in RBAC.

For more details about RBAC, refer to the 'Managing role-based access control' chapter from the NetBackup Web UI Administrator's Guide.

 
