Content-type: text/html Man page of NSR_USERGROUP

NSR_USERGROUP

Section: File Formats (5)
Updated: Dec 11, 08
Index Return to Main Contents
 

NAME

nsr_usergroup - NetWorker resource type ``NSR usergroup''  

SYNOPSIS

type: NSR usergroup  

DESCRIPTION

Each NSR user group is described by a single resource of type NSR usergroup (see nsr_resource(5)). To edit the NSR usergroup resources for a NetWorker server, type:
nsradmin -c "type:NSR usergroup"

or use NetWorker Management Console. See the nsradmin(8) manual page for more information on using the NetWorker administration program.

This resource describes groups of NetWorker users and their privileges.  

ATTRIBUTES

The following attributes are defined for resource type nsr_usergroup. The information in parentheses describes how the attribute values are accessed. Read-only indicates that the value cannot be changed by an administrator. Read/write means the value can be set as well as read. Choice means that the value of the attribute can only be one from a list specific to that attribute. For example, privileges can be 'Backup local data', or 'Operate NetWorker'. Several additional attributes (for example, name) are common to all resources, and are described in nsr_resource(5).

comment            (read/write)
This attribute is provided for the administrator to keep any explanatory
remarks or supplementary information about the user group.
users               (read/write, list of strings)
This attribute specifies the list of users that are members of the
user group. Each line specifies a user or a group of users, using one of these formats: user/host@domain , group/host@domain , user@host , user@domain , group@host , group@domain , &netgroup (only available on platforms that support netgroups) , user_attribute=value[, ...].

where user is a user name; host is a host name; group is a user group name; domain is a domain name; user_attribute can be user, group, host, nwinstname, nwinstancename, domain, or domaintype (type of the domain, NIS or WINDOMAIN).

The user attributes: nwinstname and nwinstancename are used to indicate a NetWorker instance name. The value that should be entered for either of these attributes is the value in the "name" field in the NSRLA resource for the machine where a matched user is connecting from.

value can be any string delimited by white space. If the value has space in it, then it can be quoted with double quotes. The value may contain wild cards, "*". Entering just a user name allows that user to administer NetWorker from any host (equivalent to user@* or */user or user=user). Netgroup names are always preceded by an "&".

The format: user_attribute=value[, ...] is more secure because the format is not overloaded. For example, if test@test.acme.com is entered, then any users in the test group or users named test and that are in the domain; test.acme.com or from the host; test.acme.com will match this entry.

privileges           (read/write, choice, null ok)
This attribute specifies the privileges members of this user group have.
This attribute may have zero or more of the following privileges: Change Security Settings, Remote Access All Clients, Configure NetWorker, Monitor NetWorker, Operate NetWorker, Operate Devices and Jukeboxes, Backup Local Data, Recover Local Data
Change Security Settings grants the permission to change security settings such as updating a NSR usergroups resource or changing remote access attribute in the NSR client resource.
Remote Access All Clients grants the permission to access other clients data.
Configure NetWorker grants the permission to configure NetWorker, such as creating new clients or devices.
Operate NetWorker grants the permission to perform maintenance operations on NetWorker, such as managing volumes or controlling savegroups.
Monitor NetWorker grants the permission to monitor the activities and status of NetWorker.
Operate Devices and Jukeboxes grants the permission to operate devices and jukeboxes, such as mounting, unmounting, and labeling of volumes.
Backup Local Data grants the permission to backup local data to NetWorker.
Recover Local Data grants the permission to recover local data from NetWorker.
This attribute can be any combination of the privileges described above. The only exception is some privileges require other privileges. For example, Change Security Settings privilege requires Configure NetWorker privilege, Configure NetWorker privilege must be set if Change Security Settings is set.

 

EXAMPLES

The usergroup resource named Users is shown below. (Hidden options are not shown.) This is the default setup with the exception of the comment field. Users on any machine in any domain are members of this user group. Members in this group have the privilege to Recover local data, Backup local data, and Monitor NetWorker.




            type:NSR usergroup; 
            name:Users;
            comments:Users can backup/recover data and monitor NetWorker;
            users:*@*;
            privileges:Monitor NetWorker, 
             Recover local data,
             Backup local data;


Another example of how to setup the usergroup resource named Users is shown below. Any users logged in to the domain engineering.acme.com are members of this user group. Members in this group has the privilege to Backup local data.



            type:NSR usergroup;
            name:Users;
            comments:Members of this group can backup data to NetWorker;
            users:domain=engineering.acme.com;
            privileges:Backup local data;

 

SEE ALSO

nsradmin(8), nsr(8),


 

Index

NAME
SYNOPSIS
DESCRIPTION
ATTRIBUTES
EXAMPLES
SEE ALSO

This document was created by man2html, using the manual pages.
Time: 02:39:49 GMT, October 02, 2010