Workflow to configure multi-person authorization for NetBackup operations
Here are the high-level steps to configure multi-person authorization for NetBackup operations:
Table:
Step | Description |
|---|---|
Step 1 | Identify critical NetBackup operations that require multi-person authorization. See NetBackup operations that need multi-person authorization. |
Step 2 | Identify the approvers who can approve requests or multi-person authorization tickets. |
Step 3 | Assign the Default multi-person authorization approver RBAC role to the approvers. See RBAC roles and permissions for multi-person authorization. |
Step 4 | Configure multi-person authorization using the NetBackup web UI. |
Step 5 | When a user or a requester tries to perform an operation that requires multi-person authorization (for example, expiring an image), a ticket is generated. Initially, the ticket is in the pending state. |
Step 6 | The ticket is visible to all multi-person authorization approvers in the NetBackup web UI where they can review the ticket information and approve or reject the ticket. |
Step 7 | When the approver approves or rejects the ticket, the requester is notified. If the ticket is approved, the associated operation is executed. Note: For API key operations, the requester needs to execute the operation using the web UI after the ticket is approved. |
Multi-person authorization configuration begins when the Administrator or the Security Administrator enables critical operations that require multi-person authorization and specifies other settings like expiration period and purge period.
A multi-person authorization configuration ticket is generated. After the approver approves the ticket, multi-person authorization configuration comes into effect.
Configuring multi-person authorization for the first time involves adding users to the Default Multi-Person Authorization Approver role. To start using the multi-person authorization for additional data security, the Security Administrator must enable the multi-person authorization for critical pre-defined operations that require an additional approval from a user with the Default Multi-Person Authorization Approver role.
Initially, the Security Administrator should configure multi-person authorization that results into a multi-person authorization ticket. After the approver approves the ticket, multi-person authorization becomes mandatory for the specified NetBackup operation (such as image expiry). The Administrator or Security Administrator can add users to the Default Multi-Person Authorization Approver role at any point in time.