Workflow to configure multiperson authorization for NetBackup operations
Here are the high-level steps to configure multiperson authorization for NetBackup operations:
| Step | Description |
|---|---|
| Step 1 | Identify critical NetBackup operations that require multiperson authorization. See NetBackup operations that need multiperson authorization. |
| Step 2 | Identify the approvers who can approve requests or multiperson authorization tickets. |
| Step 3 | Assign the Default multiperson authorization approver RBAC role to the approvers. See RBAC roles and permissions for multiperson authorization. |
| Step 4 | Configure multiperson authorization using the NetBackup web UI. |
| Step 5 | When a user or a requester tries to perform an operation that requires multiperson authorization (for example, expiring an image), a ticket is generated. Initially, the ticket is in the pending state. |
| Step 6 | The ticket is visible to all multiperson authorization approvers in the NetBackup web UI where they can review the ticket information and approve or reject the ticket. |
| Step 7 | When the approver approves or rejects the ticket, the requester is notified. If the ticket is approved, the associated operation is executed. Note: For API key operations, the requester needs to execute the operation using the web UI after the ticket is approved. |
Multiperson authorization configuration begins when the Administrator or the Security Administrator enables critical operations that require multiperson authorization and specifies other settings like expiration period and purge period.
A multiperson authorization configuration ticket is generated. After the approver approves the ticket, multiperson authorization configuration comes into effect.
Configuring multiperson authorization for the first time involves adding users to the Default multiperson Authorization Approver role. To start using multiperson authorization for additional data security, the Security Administrator must enable it for the critical predefined operations that require an additional approval from a user with the Default multiperson Authorization Approver role.
Initially, the Security Administrator should configure multiperson authorization, which results in a multiperson authorization ticket. After the approver approves the ticket, multiperson authorization becomes mandatory for the specified NetBackup operation (such as image expiry). The Administrator or Security Administrator can add users to the Default multiperson Authorization Approver role at any point in time.