Managing Access Control in PresSTORE




This article describes the functions for limiting user access in PresSTORE and discusses some example scenarios showing how to configure restore functions for non-administrators.

The PresSTORE Process Access Permissions

During installation, the PresSTORE job is set up to run with the highest privileges possible. The PresSTORE process (nsd on Unix systems, nsd.exe on Windows) runs under the root account on Unix and under the system account on Windows. This is necessary to read all files during sync and backup; please do not attempt to use this for your own user limitations.

Login Access to PresSTORE

Before working with PresSTORE via the web GUI, a user has to authenticate by typing a user name and password. This pair is then checked using operating system functions. PresSTORE does not maintain account information itself; instead, it checks whether the user is permitted to log in on the host where PresSTORE is running. On Unix-like hosts (Mac, Linux, Solaris), the so-called Pluggable Authentication Module (PAM) is used for the check, so the authentication method used by the server can be influenced via PAM administration.

The Omnipotent Administrator Account

The administrator accounts in PresSTORE are omnipotent: each administrator has unlimited access to PresSTORE's web GUI. Administrators are users that belong to the following operating system level user groups:

- psadm (this group usually does not exist)
- SysAdm (this group is added for Helios support)
- admin (to support the admin group on Macs)
- the group 544 on Windows hosts, the administrator group

[Sketch: the groups that enjoy administrator privileges in PresSTORE]

The groups are identified by their name, except for the group 544 on Windows, which is identified by its group id because the name changes with the localization. In addition to these group memberships, the special user root (identified by name or, on Unix hosts, by the UID 0) is also an administrator in PresSTORE.

The Operator Account

PresSTORE supports one more special account type: the Operator. This type of account is intended for non-administrator users who are allowed to maintain jobs and media. Operators in PresSTORE are users who are members of the operating system level user group psops or PrnAdm. The group psops usually does not exist; the group PrnAdm exists on Helios servers.
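As an added example (not part of the original article or of PresSTORE itself), the following Python code applies the administrator and operator rules described above to a list of OS accounts, so that every account inheriting a PresSTORE role through group membership can be reviewed. The function names, the exact-case comparison of group names and the sample accounts are assumptions made for illustration.

```python
ADMIN_GROUPS = {"psadm", "SysAdm", "admin"}  # matched by name (from the article)
WINDOWS_ADMIN_GID = 544                      # matched by group id on Windows
OPERATOR_GROUPS = {"psops", "PrnAdm"}        # matched by name

def presstore_role(user, uid, group_names, group_ids=(), windows=False):
    """Role one OS account inherits. Assumption: names compare case-sensitively."""
    names = set(group_names)
    if user == "root" or (not windows and uid == 0):
        return "administrator"      # special user root, or UID 0 on Unix
    if names & ADMIN_GROUPS:
        return "administrator"
    if windows and WINDOWS_ADMIN_GID in set(group_ids):
        return "administrator"      # localized group name, fixed id
    if names & OPERATOR_GROUPS:
        return "operator"
    return "user"

def audit(accounts, windows=False):
    """Map each privileged role to the sorted account names that hold it."""
    report = {"administrator": [], "operator": []}
    for a in accounts:
        role = presstore_role(a["user"], a["uid"], a["groups"],
                              a.get("gids", ()), windows)
        if role in report:
            report[role].append(a["user"])
    return {role: sorted(users) for role, users in report.items()}

def local_unix_accounts():
    """Read accounts and their groups from the local Unix account database."""
    import grp, os, pwd
    names = {g.gr_gid: g.gr_name for g in grp.getgrall()}
    accounts = []
    for pw in pwd.getpwall():
        gids = os.getgrouplist(pw.pw_name, pw.pw_gid)
        accounts.append({"user": pw.pw_name, "uid": pw.pw_uid, "gids": gids,
                         "groups": [names[g] for g in gids if g in names]})
    return accounts

# Constructed sample accounts, not taken from any real host.
SAMPLE = [
    {"user": "root", "uid": 0, "groups": ["wheel"]},
    {"user": "toor", "uid": 0, "groups": ["wheel"]},            # second UID 0
    {"user": "alice", "uid": 501, "groups": ["staff", "admin"]},
    {"user": "bob", "uid": 502, "groups": ["staff", "psops"]},
    {"user": "carol", "uid": 503, "groups": ["staff"]},
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a Unix host, audit(local_unix_accounts()) reports the real accounts; accounts that exist only in a network directory may not be enumerated by the local account database.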

Operators are permitted to:

- start and stop jobs in PresSTORE
- run jukebox inventories
- move media to or from the mail slot in a jukebox
- label tapes

All other permissions of operators are the same as for normal users.

Access Control Functions in PresSTORE

Access control for users is maintained based on so-called login areas. After login, the user will see only those login areas he/she may access. By permitting access to a login area, users are at the same time permitted to use the functions within that login area. Permissions for login areas are maintained on user group level. Please note that there is one special group named root that stands for all administrators, even if that root group does not exist on the operating system, e.g. as on Windows. Furthermore, user preferences allow restrictions to be set up on a per-user basis; these restrictions are applied to the user logged in.

The following PresSTORE resources handle access permissions:

- Login areas may be restricted to users belonging to configured operating system level groups. This means that the login area remains invisible for other users.
- User preferences may restrict access permissions for each user. E.g. specific users may have access only to one login area (usually their own backup), while others have no such restriction. Default user preferences can be preset by adapting the generic user preferences template. Furthermore, the place to restore data to as well as the access to the PresSTORE functions (backup, archive, ...) can be restricted per user.
- Clients may restrict the place to restore data to by predefining a special path to restore to.

For details on how to edit and where to find the individual entries, please refer to the PresSTORE online manual.

[Sketch: overview of the permission management in PresSTORE]

Example: Allow restore operations of user's own data

This example shows a typical network with multiple workstation users. Each user shall be permitted to restore his own data from backup, but users shall not get access to other users' data, and the restore shall write to a predefined folder only. Access to other backups or archives shall be denied.

This setup can be achieved with the following steps:

- Create a Login Area for each user. Select the corresponding backup index and set the path to the path of the user's backup.
- In the User Preferences for the corresponding user, remove download and archive from the list of Allowed operations and set the Login behavior to the above login area.
- In the Additional Options of the User Preferences, set the Fixed restore path to the desired folder on the user's client.

Example: Allow Archive and Restore Operations on Servers

This example assumes an archive solution of two servers. Each user shall be permitted to archive data with one archive index, and all users may restore data to a specific folder on each server.

This setup can be achieved with the following steps:

- Restrict access to all login areas. Administrators may adopt PresSTORE's method to restrict the access of the login areas General Setup and Job and Storage Management to members of group root by setting Allow access for group(s) in all login areas to group root.
- Grant access to the required Archive Plan by adding a user group to the corresponding login area. If no group for these users exists, it is possible to create a new group, e.g. archivists, in the operating system and declare users as members of that group.
- In the Client setup for the two servers, navigate to the Additional Options and set the Paths to restore to the desired folder. In case multiple paths are entered, users may select one of these before restore.