• State Suggested Answer
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 15 subscribers
  • Views 6206 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

NetVault user privilege restriction to run jobs in a client group

sebastien.barre
over 7 years ago

Hello

 

I'd like to understand how privileges works in NetVault, the administrator guide is unclear. Well, at least it doesn't work as I expect it to. Maybe I missed a document with better explanations.

I'm trying to restrict some users to only run jobs (or triggers) on certain clients.

 

What does client group membership let a user do, and what's the interaction with general privileges ?

A user can only list jobs in his client group membership, but he can run any Job ID if he have "Submit/update backup jobs" privilege.

He can run triggers affecting any client if he have "Run predefined jobs instantly" privilege.

 

Jobs owned by this user may run

I saw some obsolete explanations about how to know who owns a job, and how to change it. Looks a bit unclear and messy to use, my tests didn't work out on NetVault 11.1.

 

Thank you

  • 0 over 7 years ago

    Hello Sebastien,

     

    User Client Groups and privileges are sort of a mixed bag. On one had, users added to a restrictive client group will only have access to the clients defined within that group, however, it does not prevent that user from submitting or editing a specific job, or other job-related functions related to that client if that user has certain "manage job" type permissions granted.

    This Client Groups permission, is really tailored for two main functions - 1) To be able to manage those clients from a configuration aspect. 2) To be able to create a policy for those clients, which would involve creating a Policy Job which would allow only those clients to be added to it. However that is not to say it cannot just create normal backup jobs or perform restores with the clients within its client group.

    With NetVault 11.1, you now have different preset user permissions you can assign to a specific user, and combine that with the specific Client Group, that user should then only be able to manage clients and jobs within that group of clients. Which means they should only be able to see those clients they can control in all views.

    For example, if you give a user access to a client group of 5 Clients, they will only be able to make create, edit, and make changes to jobs and clients that are within that group, anything else will not appear or be able to be accessed.

     

    Please let me know if this has made it a bit clearer for you. I would be happy as well to arrange for a support session as well if one is so desired.

     

    Thanks,

    Andre

  • 0 over 7 years ago

    Hello

    Thanks for your quick answer.

    I did more tests, and list commands output seems logical with defined privileges and client groups memberships. My problem looks more and more like a bug, I'm opening a private support request.

    Best regards