Can non-root or non-Administrator personnel administer NetBackup?

This Wiki is brought to you by Backup Central, where you can find the Mr. Backup Blog, Forums, and a mailing list for each forum!
Backup FAQs	Service Providers	Backup Software	Backup Hardware	Backup Book Wiki	Free Stuff	Miscellaneous

This is possible in a number of ways. On UNIX:

Use the suggestions in the NetBackup Admin Guide labelled "Allowing nonroot users to administer NetBackup." They amount to using chmod to change the permissions of the executables, and possible making a special group for non-root administrators.

On NT:

Just use the NT Administrative Client: From Bob Bakh <bbakh@veritas.com>: "It slices it dices and does all you ask for and more. Just set up the users pc as a server in the bp.conf, restart the daemons or on NT sacrifice a lamb, or is that add their PC to the server list and restart services. The Administrative client can be found on any NetBackup Server CD, run the server install and select Server install, you get 3 choices, Master, Media, and Admin Client."

Note that the documented solution for Unix non-root administration (basically lots of chmod'ing of the important binaries) is not exactly perfect:

    - it needs to be re-enabled after any patching or upgrading

    - it will NOT work when you are using the java GUI (aka jnbSA).  The
    first thing jnbSA asks for is the root password.

I understand that "multilevel role-based authentication" is a very often-requested feature, I wouldn't be surprised to see it in NBU 4. Note that the documented solution for Unix non-root administration (basically lots of chmod'ing of the important binaries) is not exactly perfect:

    - it will NOT work when you are using the java GUI (aka jnbSA).  The
    first thing jnbSA asks for is the root password.

    first thing jnbSA asks for is the root password.

pkj> True, chmod is not the way to go for selective access to the Java GUI - That's why there's a logon dialog for server-user-password. The user CAN BE non-root [root is just the default, that's all]! There's a comprehensive chapter in the NetBackup Admin Guide on Authentication & Authorization that illustrates how to allow other administrators/operators selective access to jnbSA. With the new NetBackup 4.5 bp.conf "MEDIA_SERVER = xxx" [on the MASTER server] remote operators can be blocked from "accidentally" administering the MASTER server, and be allowed to just admin the MEDIA server they are managing.