Environment
W2K3 SP2 with NBU 6.5.3
We have modified the bp.conf, auth.conf

I know NBAC can archive the objective.

But I don't want to introduce another component into NetBackup, which is NBAC.

We just want very very simple kind of Operator access via NB-Java GUI.

Would like to share with u what we have done to limit the Operator Access.

First, we created an Operator Account on the NetBackup Server 2003, just given 
the "User" right.
Then edit the Operator Account and disable the "RDP".
Then using Policy editor to add "Operator" into "Deny Local Logon" policy.

So, that archive our objective of "Operator" account is NOT able to RDP and 
logon locally into the NetBackup Server.
Operator only can use NB-Java GUI to access NetBackup via another PC

But it doesn't work as what we though.
First, without "Administrator" right to be given to Operator Account, it does 
not able to manage the media at all, for instance like robot inventory, 
importing/exporting tapes, of course we have given the MM to Operator via 
auth.conf

Then we have to give Operator account the "Administrator" right. But it still 
doesn't work as what we though.
With the policy "Deny Local Logon = Operator", the NB-Java GUI NOT allow 
Operator to logon from PC

We are in the dilemman and can not figure out is there any configuration we can 
do just to archive our simple objective.

Again, in short our very simple objective
"To allow Operator Account to access NetBackup via NB-Java GUI from a PC 
without RDP and can NOT physically logon to the machine locally."

Hope u could shed some light if just some simple configuration to be done 
without introducing other components.

Thanks
_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu