5 1 0:Using Access Control Lists
Keep in mind that the ACL configuration in SEP sesam is version-specific. For previous documentation versions, see Using ACLs in v. ≤ Beefalo V2.
An access control list (ACL) is a list of permissions attached to an object (e.g., client, location, backup, etc.). An ACL specifies the conditions under which a particular user or group can perform an operation on that object.
SEP sesam 5.0.0 Jaglion provides enhanced authentication and authorization by only allowing users with superuser rights to configure ACLs. With ACLs, a superuser can configure permissions for any user or group with fine-grained access rights for locations, clients, backup tasks (or groups), media pools and schedules.
Before configuring ACLs, you need to activate authentication, configure the users, and specify their access rights. For details, see Configuring Database-Based Authentication.
Configuring permissions (ACLs)
In the SEP sesam GUI, you can configure ACLs for different objects, i.e., location, client, backup task, task group, media pool, and schedule. The object for which you want to configure ACLs must exist before you can add the relevant permissions in its properties (Permissions tab).
For details on how to configure SEP sesam objects (components), see: Configuring Location, Configuring Clients, Creating a Backup Task, Adding a Task to the Task Group, Creating a Schedule, or Configuring a Media Pool.
- Depending on the object for which you want to set ACLs (location, client, task, etc.), proceed as follows:
  - For location or client: From Main selection -> Components -> Topology, select the relevant location or a client (under the location) and double-click it (or click the Properties button). The Location/Client properties window appears.
  - For backup task or task group: From Main selection -> Tasks -> By Clients/By Groups, select the relevant backup task or a task group and double-click it (or click the Properties button). The Task/Task group properties window appears.
  - For media pool: From Main selection -> Components -> Media Pools, select the relevant media pool and double-click it (or click the Properties button). The Media pool properties window appears.
  - For schedule: From Main selection -> Scheduling -> Schedules, select the relevant schedule and double-click it (or click the Properties button). The Schedule properties window appears.
You can also add a new user/group by clicking Add and selecting a relevant user/group from the drop-down list.
Click OK to add the user/group.
When the superuser configures ACLs, the list of ACL entries is saved in the SEP sesam database and takes effect immediately. This means that the new authorization settings (stored ACLs) are used for all further queries for the objects.
Further restrictions of the GUI display might depend on the UI mode. For the backup, restore and operator users the UI mode is set to Advanced automatically and cannot be changed by these users (only superuser or admin can change it). For more details, see Selecting UI mode.
About Authentication and Authorization – Configuring Database-Based Authentication – Configuring Location – Configuring Clients – Creating a Backup Task – Adding a Task to the Task Group – Creating a Schedule – Configuring a Media Pool – Administering ACLs from the Command Line