Veritas-bu

Re: [Veritas-bu] Limiting Access to NOM data

2009-06-16 17:27:29
Subject: Re: [Veritas-bu] Limiting Access to NOM data
From: tim burlowski <tim.burlowski AT gmail DOT com>
To: VERITAS-BU AT mailman.eng.auburn DOT edu
Date: Tue, 16 Jun 2009 16:23:53 -0500
William is correct. 

NetBackup Operations Manager can talk to NetBackup servers with or without NBAC. The roles that exist in NetBackup Operations Manager are not limited or affected by NBAC roles.

Actions initiated by NetBackup are performed with NOM's machine credentials.

In the next major release we'll have some additional capabilities in this area, primarily around the ability to restrict a user to monitor and report on a certain group of systems. Shortly after that we are planning on adding additional roles to restrict the actions a user can take. (Those are forward-looking statements; one should not use them to make buying decisions.)


--
tim burlowski
Product Manager
Symantec 


On Tue, Jun 16, 2009 at 4:01 AM, <william.d.brown AT gsk DOT com> wrote:
I don't think it will.  NOM 6.5.4 introduces the concept of a read-only
user.  However NOM has no mechanism that I've seen to limit what a user
can see.  All that I think you can limit via NBAC is what the NOM server
can see.

The private/public server groups don't have any means to say who can or
cannot look at them.

I must admit that I'm not clear what user credentials NOM uses when you
try to take an action that affects a managed server, e.g. to retry a
policy or DOWN a drive.  However, as we run our NOM server on Windows, and
it is letting me control drives on a UNIX server - I don't think it is
using the user credentials.  We don't use NBAC, and so far as I know we
don't have any special way to map the Windows domain\user to a NIS user.
Certainly things like the java auth.conf on the UNIX server is not going
to have my Windows domain\user in it.

You could have a separate NOM server, but I read that Symantec do not
recommend using >1 NOM server to manage a backup server.

Setting up NBAC might make some things easier, especially if you used to
allow non-root access to some CLI.  I'm not sure it's easy, but we shied
away from it for the moment.

I suggest you post an enhancement request and wait.   You could find out
if NOM 6.5.4 can be used to manage 6.5.3, but as you would need the 6.5.4
Client under it  you might have issues.

William D L Brown


veritas-bu-bounces AT mailman.eng.auburn DOT edu wrote on 15/06/2009 19:57:28:

>
> We are a user of NetBackup NOM 6.5.3.  We are trying to get the NOM
> Web GUI into the hands of a few of our critical users and would like
> to limit their access and view to only a few clients.  Providing an
> userid to NOM gives the user full access to our NetBackup Master. We
> believe that the answer lies in setting up the new NBAC services and
> have seen articles on the web about how easy it is to set up yet the
> yellow book that the article references weighs in at 336 pages -
> doesn't really sound that simple.
>
> Before moving forward we would like to confirm that setting up NBAC
> services in our NetBackup 6.5.3 environment will in fact give us the
> ability to limit what a NOM user can see and do.
>
> Thanks,
>
> Jim
>  :?
>
> +----------------------------------------------------------------------
> |This was sent by jim_brownell AT conseco DOT com via Backup Central.
> |Forward SPAM to abuse AT backupcentral DOT com.
> +----------------------------------------------------------------------
>
>
> _______________________________________________
> Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
> http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
>


