I would like to be able to grant access to one or more Windows
administrators to be able to recover *any* data backed up from Windows
machines, but is there a way to grant them this access without giving
them permission to also recover data backed up from Unix machines?
We're using 7.2.2 on a Solaris server, backing up both Unix and Windows
clients.
Under nwadmin, I see the "User Groups", featuring 'Users' and
'Administrators'. It seems that these two groups are identical with the
exception of the privileges granted but could be made equivalent by
simply selecting everything, but otherwise you have *@* with 1 of the 8
privileges selected: 'Monitor NetWorker'.
1. If I change "*@* to the specific Windows admins. and add 'Recover
local data' then they would only be able to recover data that was backed
up on the host they're running the recover program from, correct?
2. If they're a Windows administrator on that system then they would be
able to recover all the data; otherwise, only data that they had read
access to?
3. If I want them to be able to recover data from Windows machine A to
Windows machine B then I assume I have to also select: 'Remote access
all clients'?
4. What would prevent them then from recovering data that had been
backed up on a Unix box to a Windows box?
The problem I see here is that there's no way apparent way to customize
things on a per user basis. What ever options you select apply to all
the listed users. So, maybe I want everyone to be able to monitor
NetWorker, so I have *@* listed under the Users Group with only
'Monitor NetWorker' selected, but as soon as I want specific people to
be also be able to recover data then I'm granting everyone permission to
recover data wherein before they only had monitoring capability.
Furthermore, there doesn't appear to be any way to segregate Windows and
Unix permissions. And it looks as if as soon as I grant a user
permission to be able to recover from any Windows box to any Windows
box, I'm then allowing them to recover from any box period, Unix or
Windows. Seems like this should be more granular.
George
--
George Sinclair - NOAA/NESDIS/National Oceanographic Data Center
SSMC3 4th Floor Rm 4145 | Voice: (301) 713-3284 x210
1315 East West Highway | Fax: (301) 713-3301
Silver Spring, MD 20910-3282 | Web Site: http://www.nodc.noaa.gov/
- Any opinions expressed in this message are NOT those of the US Govt. -
To sign off this list, send email to listserv AT listserv.temple DOT edu and type
"signoff networker" in the body of the email. Please write to networker-request
AT listserv.temple DOT edu if you have any problems with this list. You can access the
archives at http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
|
