Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Security and Encryption Guide
  3. Configuring multi-person authorization
  4. Workflow to configure multi-person authorization for NetBackup operations
NetBackup™ Security and Encryption Guide

Workflow to configure multi-person authorization for NetBackup operations

Here are the high-level steps to configure multi-person authorization for NetBackup operations:

Table:

Step

Description

Step 1

Identify critical NetBackup operations that require multi-person authorization.

See NetBackup operations that need multi-person authorization.

Step 2

Identify the approvers who can approve requests or multi-person authorization tickets.

Step 3

Assign the Default multi-person authorization approver RBAC role to the approvers.

See RBAC roles and permissions for multi-person authorization.

Step 4

Configure multi-person authorization using the NetBackup web UI.

See Configure multi-person authorization.

Step 5

When a user or a requester tries to perform an operation that requires multi-person authorization (for example, expiring an image), a ticket is generated.

Initially, the ticket is in the pending state.

Step 6

The ticket is visible to all multi-person authorization approvers in the NetBackup web UI where they can review the ticket information and approve or reject the ticket.

Step 7

When the approver approves or rejects the ticket, the requester is notified. If the ticket is approved, the associated operation is executed.

Note:

For API key operations, the requester needs to execute the operation using the web UI after the ticket is approved.

Multi-person authorization configuration begins when the Administrator or the Security Administrator enables critical operations that require multi-person authorization and specifies other settings like expiration period and purge period.

A multi-person authorization configuration ticket is generated. After the approver approves the ticket, multi-person authorization configuration comes into effect.

Initial multi-person authorization configuration

Configuring multi-person authorization for the first time involves adding users to the Default Multi-Person Authorization Approver role. To start using the multi-person authorization for additional data security, the Security Administrator must enable the multi-person authorization for critical pre-defined operations that require an additional approval from a user with the Default Multi-Person Authorization Approver role.

Initially, the Security Administrator should configure multi-person authorization that results into a multi-person authorization ticket. After the approver approves the ticket, multi-person authorization becomes mandatory for the specified NetBackup operation (such as image expiry). The Administrator or Security Administrator can add users to the Default Multi-Person Authorization Approver role at any point in time.

Feedback

Was this page helpful?
Previous

About multi-person authorization

Next

RBAC roles and permissions for multi-person authorization

Feedback

Was this page helpful?