Using KMS with NBAC
The following changes have been made to NBAC to support the introduction of KMS:
Addition of the new authorization object KMS
Addition of the new NetBackup user group NBU_KMS Admin
The permissions a user has on the KMS object determines the KMS-related tasks you are allowed to perform.
Table: Default KMS permissions for NetBackup user groups shows the default KMS permissions for each of the NetBackup user groups.
Table: Default KMS permissions for NetBackup user groups
Set | Activity | NBU_ User | NBU_ Operator | NBU_ Admin | NBU_ Security Admin | Vault_ Operator | NBU_ SAN Admin | NBU_ KMS Admin |
|---|---|---|---|---|---|---|---|---|
Browse | Browse | --- | --- | X | --- | --- | --- | X |
Read | Read | --- | --- | X | --- | --- | --- | X |
Configure | New | --- | --- | --- | --- | --- | --- | X |
Configure | Delete | --- | --- | --- | --- | --- | --- | X |
Configure | Modify | --- | --- | --- | --- | --- | --- | X |
Besides the KMS permissions listed above, the NBU_KMS admin group also has the following permissions on other authorization objects:
BUAndRest has Browse, Read, Backup, Restore, List
HostProperties has Browse, Read
License has Browse, Read