I don't think it will.  NOM 6.5.4 introduces the concept of a read-only 
user.  However NOM has no mechanism that I've seen to limit what a user 
can see.  All that I think you can limit via NBAC is what the NOM server 
can see.

The private/public server groups don't have any means to say who can or 
cannot look at them.

I must admit that I'm not clear what user credentials NOM uses when you 
try to take an action that affects a managed server, e.g. to retry a 
policy or DOWN a drive.  However, as we run our NOM server on Windows, and 
it is letting me control drives on a UNIX server - I don't think it is 
using the user credentials.  We don't use NBAC, and so far as I know we 
don't have any special way to map the Windows domain\user to a NIS user. 
Certainly things like the java auth.conf on the UNIX server is not going 
to have my Windows domain\user in it.

You could have a separate NOM server, but I read that Symantec do not 
recommend using >1 NOM server to manage a backup server.

Setting up NBAC might make some things easier, especially if you used to 
allow non-root access to some CLI.  I'm not sure it's easy, but we shied 
away from it for the moment.

I suggest you post an enhancement request and wait.   You could find out 
if NOM 6.5.4 can be used to manage 6.5.3, but as you would need the 6.5.4 
Client under it  you might have issues.

William D L Brown


veritas-bu-bounces AT mailman.eng.auburn DOT edu wrote on 15/06/2009 19:57:28:

> 
> We are a user of NetBackup NOM 6.5.3.  We are trying to get the NOM 
> Web GUI into the hands of a few of our critical users and would like
> to limit their access and view to only a few clients.  Providing an 
> userid to NOM gives the user full access to our NetBackup Master. We
> believe that the answer lies in setting up the new NBAC services and
> have seen articles on the web about how easy it is to set up yet the
> yellow book that the article references weighs in at 336 pages - 
> doesn't really sound that simple. 
> 
> Before moving forward we would like to confirm that setting up NBAC 
> services in our NetBackup 6.5.3 environment will in fact give us the
> ability to limit what a NOM user can see and do.
> 
> Thanks,
> 
> Jim
>  :?
> 
> +----------------------------------------------------------------------
> |This was sent by jim_brownell AT conseco DOT com via Backup Central.
> |Forward SPAM to abuse AT backupcentral DOT com.
> +----------------------------------------------------------------------
> 
> 
> _______________________________________________
> Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
> http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
> 


-----------------------------------------------------------
This e-mail was sent by GlaxoSmithKline Services Unlimited 
(registered in England and Wales No. 1047315), which is a 
member of the GlaxoSmithKline group of companies. The 
registered address of GlaxoSmithKline Services Unlimited 
is 980 Great West Road, Brentford, Middlesex TW8 9GS.
-----------------------------------------------------------

_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu