You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+22Lines changed: 22 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -31,3 +31,25 @@ Pre-requisites:
31
31
##### Tools
32
32
The `tools` folder contains utilities that have proven useful in the development of projects using NetBackup APIs, but do not provide any API usage examples. Again, these tools are not for production use, but they may be of some use in your work.
33
33
34
+
#### NetBackup 8.3 RBAC Design Shift
35
+
NetBackup 8.3 introduced a major change in its RBAC configuration and enforcement design.
36
+
37
+
RBAC was introduced to NetBackup in the 8.1.2 release, offering access control for a limited number of security settings and workloads. That access control configuration was based on a dynamic object-level enforcement model using “Access Rules”.
38
+
39
+
With the NetBackup 8.3 release, RBAC has moved away from the dynamic access rule design.
40
+
The new RBAC allows more granular permissions, improved flexibility and greater control. The RBAC design is now based on Access Control Lists (ACLs) and closely follows the ANSI INCITS 359-2004. While the earlier design of RBAC enforcement was dynamic in nature, the new RBAC is static in its configuration.
41
+
42
+
The system-defined roles shipped with NetBackup also changed from 8.1.2 to the 8.3 release. In 8.1.2, there were three system-defined roles available for RBAC configuration. In the 8.3 release, this was simplified to offer a single “Administrator” role which has all privileges for RBAC.
43
+
44
+
Due to the significant design shift, automatic upgrade conversion of 8.1.2 RBAC roles to the new 8.3 roles is not feasible. However, tools are available to migrate the Backup administrator role and create a new Security administrator role for the users that had the old RBAC Security administrator role. Other roles must be reconfigured manually.
45
+
There is also a script in this repository available to generate templated NetBackup roles.
46
+
See **/recipes/perl/rbac-roles/rbac_role_templates.pl**
47
+
48
+
49
+
Any API keys in use prior to upgrade will still be valid, however, the underlying access granted those API keys must
50
+
be reconfigured using the new RBAC configuration, after which any active user sessions must be removed.
51
+
A utility script exists in this repository to help convert active API keys after upgrade to NetBackup 8.3.
52
+
See **/recipes/perl/access-control/access_control_api_requests.pl**
53
+
54
+
Most of the API examples in this repository assume a valid JWT (Json Web Token) or API Key issued by NetBackup and do not incorporate role configuration as part of the script.
55
+
However, there may be some examples which do configure RBAC as part of the script and have not yet been updated to use the RBAC design.
0 commit comments