Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Security and Encryption Guide
  3. Configuring multi-person authorization
  4. NetBackup operations that need multi-person authorization
NetBackup™ Security and Encryption Guide

NetBackup operations that need multi-person authorization

The following operations require multi-person authorization and therefore a ticket is generated for these operations:

  • Configuring multi-person authorization

  • Enabling and disabling operations that require multi-person authorization

  • Adding exempted users

  • Changing any multi-person authorization settings

  • Expiring images

  • Updating image expiration time

  • Changing the MSDP WORM configuration

  • Removing the MSDP WORM retention lock

  • Removing hold applied on the images

  • Updating CLI expiration period

  • Adding, updating, and deleting an API key

  • Adding, updating, and deleting KMS configuration, keys, and key groups

  • Adding, updating, deleting malware scan host

  • Adding, updating, deleting, copying backup and deployment policies

  • Updating the following global security settings:

    • Enabling and disabling NetBackup host communication with insecure hosts

    • Adding host aliases with or without NetBackup administrator's approval

    • Setting automatic deployment of certificates on a host

    • Enabling and disabling CAC/PIV authentication

    • Setting values for CAC/PIV certificate mapping attribute

    • Setting the value of the CAC/PIV certificate mapping attribute that is used to perform a search in active directory

    • Setting the value of the CAC/PIV certificate mapping attribute that is used to perform a search in LDAP directory

    • Enabling and disabling AD/LDAP domain mapping

    • Setting the value of the domain name that is used for user look-ups in active directory or LDAP

    • Setting the value of the OCSP URI that is used for certificate revocation checks with respect to CAC/PIV authentication

    • Enabling and disabling the data-in-transit encryption (DTE)

    • Setting unique identifier for external certificates

    • Allowing or disallowing the NetBackup web UI access to Operating System Administrators

    • Allowing or disallowing the default CLI access to OS administrators

    • Pausing client protection

    • Pausing client image expiration

    • Enabling and disabling TLS session resumption

    • Enabling and disabling rule engine for anomaly detection

    • Changing multifactor authentication configuration settings

    • Setting audit retention period for audit report

Even if multi-person authorization is configured for image expiry, the following operations do not require multi-person authorization:

  • Changing values for image retention level

  • Modifying retention levels in policy and SLP

  • Canceling incomplete SLPs using the nbstlutil command:

    Refer to the NetBackup Commands Reference Guide.

Feedback

Was this page helpful?
Previous

Multi-person authorization process with respect to roles

Next

Configure multi-person authorization

Feedback

Was this page helpful?