Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Web UI Administrator's Guide
  5. Section IX. Managing security
  7. Configuring multiperson authorization
  9. NetBackup operations that need multiperson authorization
NetBackup™ Web UI Administrator's Guide

NetBackup operations that need multiperson authorization

The following operations require multiperson authorization and therefore a ticket is generated for these operations:

  • Configuring multiperson authorization

  • Enabling and disabling operations that require multiperson authorization

  • Adding exempted users

  • Changing any multiperson authorization settings

  • Expiring images

  • Updating image expiration time

  • Changing the MSDP WORM configuration

  • Removing the MSDP WORM retention lock

  • Removing hold applied on the images

  • Updating CLI expiration period

  • Adding, updating, and deleting an API key

  • Adding, updating, and deleting KMS configuration, keys, and key groups

  • Adding, updating, deleting malware scan host

  • Adding, updating, deleting, copying backup and deployment policies

  • Configuring network access control

  • Updating the following global security settings:

    • Enabling and disabling NetBackup host communication with insecure hosts

    • Adding host aliases with or without NetBackup administrator's approval

    • Setting automatic deployment of certificates on a host

    • Enabling and disabling CAC/PIV authentication

    • Setting values for CAC/PIV certificate mapping attribute

    • Setting the value of the CAC/PIV certificate mapping attribute that is used to perform a search in active directory

    • Setting the value of the CAC/PIV certificate mapping attribute that is used to perform a search in LDAP directory

    • Enabling and disabling AD/LDAP domain mapping

    • Setting the value of the domain name that is used for user look-ups in active directory or LDAP

    • Setting the value of the OCSP URI that is used for certificate revocation checks with respect to CAC/PIV authentication

    • Enabling and disabling the data-in-transit encryption (DTE)

    • Setting unique identifier for external certificates

    • Allowing or disallowing the NetBackup web UI access to Operating System Administrators

    • Allowing or disallowing the default CLI access to OS administrators

    • Pausing client protection

    • Pausing client image expiration

    • Enabling and disabling TLS session resumption

    • Enabling and disabling rule engine for anomaly detection

    • Changing multifactor authentication configuration settings

    • Setting audit retention period for audit report

Even if multiperson authorization is configured for image expiry, the following operations do not require multiperson authorization:

  • Changing values for image retention level

  • Modifying retention levels in policy and SLP

  • Canceling incomplete SLPs using the nbstlutil command:

    Refer to the NetBackup Commands Reference Guide.

Feedback

Was this page helpful?
Previous

multiperson authorization process with respect to roles

Next

Configure multiperson authorization

Feedback

Was this page helpful?