Content-type: text/html
Man page of NSR_USERGROUP
NSR_USERGROUP
Section: File Formats (5)
Updated: Dec 11, 08
Index
Return to Main Contents
NAME
nsr_usergroup - NetWorker resource type ``NSR usergroup''
SYNOPSIS
type: NSR usergroup
DESCRIPTION
Each NSR user group is described by a single resource of type
NSR usergroup
(see
nsr_resource(5)).
To edit the NSR usergroup resources for a NetWorker server, type:
-
nsradmin -c "type:NSR usergroup"
or use
NetWorker Management Console.
See the
nsradmin(8)
manual page for more information on
using the NetWorker administration program.
This resource describes groups of NetWorker users and their privileges.
ATTRIBUTES
The following attributes are defined for resource type
nsr_usergroup.
The information in parentheses describes how the attribute values are accessed.
Read-only
indicates that the value cannot be changed by an administrator.
Read/write
means the value can be set as well as read.
Choice
means that the value of the attribute can only be one from a list specific to
that attribute. For example, privileges can be 'Backup local data',
or 'Operate NetWorker'.
Several additional attributes (for example, name) are common
to all resources, and are described in
nsr_resource(5).
- comment (read/write)
-
This attribute is provided for the administrator to keep any explanatory
remarks or supplementary information about the user group.
- users (read/write, list of strings)
-
This attribute specifies the list of users that are members of the
user group. Each line specifies a user or a group of users, using
one of these formats:
user/host@domain
,
group/host@domain
,
user@host
,
user@domain
,
group@host
,
group@domain
,
&netgroup
(only available on platforms that support netgroups)
,
user_attribute=value[, ...].
where user is a user name; host is a host name;
group is a user group name; domain is a domain
name; user_attribute can be user, group,
host, nwinstname, nwinstancename, domain,
or domaintype (type of the domain, NIS or WINDOMAIN).
The user attributes: nwinstname and nwinstancename are
used to indicate a NetWorker instance name. The value that should be
entered for either of these attributes is the value in the "name"
field in the NSRLA resource for the machine where a matched user is
connecting from.
value can be any string delimited by white space. If the value
has space in it, then it can be quoted with double quotes.
The value may contain wild cards, "*".
Entering just a user name allows that user to administer NetWorker
from any host (equivalent to user@* or */user or
user=user). Netgroup names are always preceded by an "&".
The format: user_attribute=value[, ...] is more
secure because the format is not overloaded. For example,
if test@test.acme.com is entered, then any users in the
test group or users named test and that are in the domain;
test.acme.com or from the host; test.acme.com will match
this entry.
- privileges (read/write, choice, null ok)
-
This attribute specifies the privileges members of this user group have.
This attribute may have zero or more of the following privileges:
Change Security Settings,
Remote Access All Clients,
Configure NetWorker,
Monitor NetWorker,
Operate NetWorker,
Operate Devices and Jukeboxes,
Backup Local Data,
Recover Local Data
-
Change Security Settings
grants the permission to change security settings such as updating a
NSR usergroups resource or changing remote access attribute in the NSR client
resource.
-
Remote Access All Clients
grants the permission to access other clients data.
-
Configure NetWorker
grants the permission to configure NetWorker, such as
creating new clients or devices.
-
Operate NetWorker
grants the permission to perform maintenance operations on NetWorker,
such as managing volumes or controlling savegroups.
-
Monitor NetWorker
grants the permission to monitor the activities and status of NetWorker.
-
Operate Devices and Jukeboxes
grants the permission to operate devices and jukeboxes,
such as mounting, unmounting, and labeling of volumes.
-
Backup Local Data
grants the permission to backup local data to NetWorker.
-
Recover Local Data
grants the permission to recover local data from NetWorker.
-
This attribute can be any combination of the privileges described above.
The only exception is some privileges require other privileges.
For example,
Change Security Settings
privilege requires
Configure NetWorker
privilege,
Configure NetWorker
privilege must be set if
Change Security Settings
is set.
EXAMPLES
The usergroup resource named
Users
is shown below. (Hidden options are not shown.)
This is the default setup with the exception of the comment field.
Users on any machine in any domain are members of this user group.
Members in this group have the privilege to
Recover local data,
Backup local data,
and
Monitor NetWorker.
type:NSR usergroup;
name:Users;
comments:Users can backup/recover data and monitor NetWorker;
users:*@*;
privileges:Monitor NetWorker,
Recover local data,
Backup local data;
Another example of how to setup the usergroup resource named
Users
is shown below.
Any users logged in to the domain
engineering.acme.com
are members of this user group. Members in this group has the privilege to
Backup local data.
type:NSR usergroup;
name:Users;
comments:Members of this group can backup data to NetWorker;
users:domain=engineering.acme.com;
privileges:Backup local data;
SEE ALSO
nsradmin(8),
nsr(8),
Index
- NAME
-
- SYNOPSIS
-
- DESCRIPTION
-
- ATTRIBUTES
-
- EXAMPLES
-
- SEE ALSO
-
This document was created by
man2html,
using the manual pages.
Time: 02:39:49 GMT, October 02, 2010