Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Security and Encryption Guide
  3. Configuring multi-person authorization
  4. Configure multi-person authorization
NetBackup™ Security and Encryption Guide

Configure multi-person authorization

The configuration of multi-person authorization for NetBackup operations is supported only from the NetBackup web UI. A user with the Administrator or the Security Administrator role can configure multi-person authorization for critical NetBackup operations.

To configure multi-person authorization for NetBackup operations

  1. Sign into the NetBackup web UI using the security administrator account.
  2. On the left, select Security > Multi-person authorization.
  3. At the top right, select the option Configure multi-person authorization.
  4. Go to Operations for multi-person authorization. Then select Edit.
  5. Select all or any of the following critical operations for which you want to configure multi-person authorization.
    • Images

      • Image expiry

      • Remove image hold

    • Security

      • Global security settings

      • Encryption key management

      • API keys

        Note:

        If multi-person authorization is enabled for API key operations, a ticket is generated. After the multi-person authorization ticket is approved, the user needs to execute the ticket using the Execute ticket option in the NetBackup web UI and then the required API key operation is executed.

        For NetBackup releases earlier than 10.5, if multi-person authorization is enabled, you cannot perform API key operations.

      • Malware scan host management

        Note:

        Starting with NetBackup 11.0, if multi-person authorization is enabled for this operation, a ticket is generated.

      • Protection

        • Policy management

          Note:

          Starting with NetBackup 11.0, if multi-person authorization is enabled for this operation, a ticket is generated. If there is an existing ticket for a policy that is pending for approval, you cannot perform any operations on the same policy until the existing ticket is either approved, rejected, canceled, or expired.

    • MSDP WORM

      • WORM retention lock removal

      • WORM configuration change

  6. Select Save.
  7. Configure the users to be exempted from multi-person authorization.

    Starting with 11.0, you can exempt users from multi-person authorization for specific operation and action for specific time frame.

  8. Configure email notifications that you want to send to approvers and other email recipients. You can specify additional email recipients to whom you want to send email notifications.

    Click Configure to configure the SMTP server for emails.

  9. Go to Schedules. Then select Edit.
  10. Specify when you want to expire and purge the multi-person authorization tickets.
  11. Select Save.
  12. Select Configure.

Feedback

Was this page helpful?
Previous

NetBackup operations that need multi-person authorization

Next

View multi-person authorization tickets

Feedback

Was this page helpful?