Solved

Backup & Restore rights on Agent base Level



Hi Team,

I've got several servers which have the Filesystem & SQL Agent installed. I grouped them based on agent into a SQL group.

Now I wanted to give the SQL admins the permission to back up & restore SQL instances.

Unfortunately the grouping of “Client Computer Groups” with SQL Agent counts for the whole “Client”.

So when I add the SQL admins as Backup / Restore users on that group, they can also restore / back up on the Filesystem Agent (as the Client is added, not only the SQL Agent).

 

So is there a way to just allow the SQL Agent and exclude the other agents with an automatic association?

(The only way I found is to manually give the right on each Client Agent itself…)

 

 


Best answer by Jos Meijer 20 May 2022, 17:31


3 replies


A few questions: is everyone using the Java GUI, or are the FS and SQL admins using the Command Center? If Command Center, which user groups do they belong to?

If currently the SQL admins are not using either GUI, is the SQL plugin used in SQL manager?


Hi Jos,

Let me answer inline.

A few questions: is everyone using the Java GUI, or are the FS and SQL admins using the Command Center?

## Mainly the SQL admins should use the Command Center, but they might swap to CommCell depending on their flavour ##

If Command Center, which user groups do they belong to?

 

## Created a Role with necessary rights and added this to the Client Computer Group ##

If currently the SQL admins are not using either GUI, is the SQL plugin used in SQL manager?

## Currently we are not utilizing the SQL plugin ##

 

Br Sebastian 


You could introduce the SQL plugin so the DBA can act within SQL on backup and recovery, but if they already have access to the Command Center and Java GUI this wouldn’t be an effective prevention regarding availability on filesystem backup data.

Command Center currently only allows you to define such restrictions by using the menu customization, but in order to do so you will need to have your users divided in the master vs. tenant admin vs. tenant user vs. restricted user setup, which currently isn't the case.

There is a differentiation possible if we are talking about hypervisor backup in combination with application backup, as you can then define groups on agent/package basis and simply don’t provide rights on the hypervisor. But in your situation this doesn’t seem to be the setup.

Based on the current setup I would say that defining rights manually on agent level will be your only solution. There is no way, as far as I know, to filter agents based on group and role relations.
They will always see all the agents on the client.
