8 Classes and Rights
Table 8-1 defines the predefined obtool classes. The rights are described in "Class Rights".
Table 8-1 Classes and Rights
| Class Rights | admin | operator | oracle | user | reader | monitor |
|---|---|---|---|---|---|---|
|  | all | all | owner | owner | none | all |
|  | all | all | owner | owner | none | all |
|  | privileged | notdenied | permitted | permitted | named | none |
|  | yes | yes | yes | yes | no | yes |
|  | yes | yes | yes | yes | no | yes |
|  | yes | yes | no | no | no | yes |
|  | yes | yes | yes | yes | no | yes |
|  | yes | yes | no | no | no | yes |
|  | yes | yes | yes | no | no | no |
|  | yes | no | no | no | no | no |
|  | yes | yes | no | no | no | no |
|  | yes | yes | yes | yes | no | no |
|  | yes | yes | no | no | no | no |
|  | yes | yes | yes | yes | no | no |
|  | yes | no | no | no | no | no |
|  | yes | yes | yes | yes | yes | no |
|  | yes | yes | no | no | no | no |
|  | yes | yes | yes | no | no | no |
|  | yes | yes | no | no | no | no |
|  | yes | yes | yes | yes | no | no |
|  | yes | no | yes | no | no | no |
|  | yes | yes | yes | yes | no | yes |
|  | yes | yes | yes | no | no | no |
|  | yes | no | no | no | no | no |
|  | yes | yes | yes | no | no | no |
See Also:
Class Rights
This section describes the rights in Oracle Secure Backup classes.
access file system backups
This right specifies the type of access to file-system backups. The values are as follows:
- owner indicates that the Oracle Secure Backup user can access only file-system backups created by the user.
- class indicates that the Oracle Secure Backup user can access file-system backups created by any Oracle Secure Backup user in the same class.
- all indicates that the Oracle Secure Backup user can access all file-system backups.
- none indicates that the Oracle Secure Backup user has no access to file-system backups.

You can set this right with the --fsrights option of the mkclass or chclass commands.
access Oracle database backups
This right specifies the type of access to Oracle database backups made through the SBT interface. The values are as follows:
- owner indicates that the Oracle Secure Backup user can access only SBT backups created by the user.
- class indicates that the Oracle Secure Backup user can access SBT backups created by any Oracle Secure Backup user in the same class.
- all indicates that the Oracle Secure Backup user can access all SBT backups.
- none indicates that the Oracle Secure Backup user has no access to SBT backups.

You can set this right with the --orarights option of the mkclass or chclass commands.
browse backup catalogs with this access
This right applies to browsing access to the Oracle Secure Backup catalog. The rights are listed in order of decreasing privilege. Your choices are:
- privileged means that Oracle Secure Backup users can browse all directories and catalogs.
- notdenied means that Oracle Secure Backup users can browse any catalog entries for which they are not explicitly denied access. This option differs from permitted in that it allows access to directories having no stat record stored in the catalog.
- permitted means that Oracle Secure Backup users are bound by normal UNIX rights checking. Specifically, Oracle Secure Backup users can only browse directories if at least one of these conditions is applicable:
  - The UNIX user defined in the Oracle Secure Backup identity is listed as the owner of the directory, and the owner has read rights.
  - The UNIX group defined in the Oracle Secure Backup identity is listed as the group of the directory, and the group has read rights.
  - Neither of the preceding conditions is met, but the UNIX user defined in the Oracle Secure Backup identity has read rights for the directory.
- named means that Oracle Secure Backup users are bound by normal UNIX rights checking, except that others do not have read rights. Specifically, Oracle Secure Backup users can only browse directories if at least one of these conditions is applicable:
  - The UNIX user defined in the Oracle Secure Backup identity is listed as the owner of the directory, and the owner has read rights.
  - The UNIX group defined in the Oracle Secure Backup identity is listed as the group of the directory, and the group has read rights.
- none means that Oracle Secure Backup users have no rights to browse any directory or catalog.

You can set this right with the --browse option of the mkclass or chclass commands.
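
The five browse levels above reduce to a small decision procedure, sketched here in Python as an added example (it is not Oracle Secure Backup code). Identity, StatRecord and can_browse are hypothetical names; the third permitted condition is modeled as the directory's others-read bit, and notdenied is assumed to apply the same checks as permitted whenever a stat record exists.

```python
import stat
from dataclasses import dataclass
from typing import Optional

# Browse levels from the page, in order of decreasing privilege.
LEVELS = ("privileged", "notdenied", "permitted", "named", "none")

@dataclass(frozen=True)
class Identity:
    """UNIX user and group defined in the Oracle Secure Backup identity."""
    user: str
    group: str

@dataclass(frozen=True)
class StatRecord:
    """Hypothetical stand-in for a directory's stat record in the catalog."""
    owner: str
    group: str
    mode: int  # permission bits, e.g. 0o750

def unix_read_ok(ident: Identity, rec: StatRecord, allow_others: bool) -> bool:
    # Condition 1: the identity's user owns the directory and the owner has read.
    if ident.user == rec.owner and rec.mode & stat.S_IRUSR:
        return True
    # Condition 2: the identity's group is the directory's group and it has read.
    if ident.group == rec.group and rec.mode & stat.S_IRGRP:
        return True
    # Condition 3 (not applied for "named"): fall back to the others-read bit.
    return allow_others and bool(rec.mode & stat.S_IROTH)

def can_browse(level: str, ident: Identity, rec: Optional[StatRecord]) -> bool:
    if level not in LEVELS:
        raise ValueError(f"unknown browse level: {level!r}")
    if level == "privileged":
        return True
    if level == "none":
        return False
    if rec is None:
        # Only notdenied admits directories with no stat record in the catalog.
        return level == "notdenied"
    return unix_read_ok(ident, rec, allow_others=(level != "named"))

if __name__ == "__main__":
    # Constructed sample: identity alice/dba, world-readable directory owned by bob.
    who, d = Identity("alice", "dba"), StatRecord("bob", "staff", 0o755)
    for lvl in LEVELS:
        print(f"{lvl:10} stat={can_browse(lvl, who, d)} nostat={can_browse(lvl, who, None)}")
```

The 0o755 sample shows the practical gap between the two lower levels: permitted lets any class member browse world-readable directories, while named limits browsing to directories matching the identity's own user or group.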
display administrative domain's configuration
This right allows class members to list objects, for example, hosts, devices, and users, in the administrative domain.
You can set this right with the --listconfig option of the mkclass or chclass commands.
modify administrative domain's configuration
This right allows class members to edit, that is, create, modify, rename, and remove, all configuration data in an Oracle Secure Backup administrative domain. The data includes the following:
- Classes
- Users
- Hosts
- Devices
- Defaults and policies
- Schedules
- Datasets
- Media families
- Summaries
- Backup windows
- Rotation policies
- Duplication policies
- Duplication windows

You can set this right with the --modconfig option of the mkclass or chclass commands.
query and display information about devices
This right enables class members to query the state of all storage devices configured within the administrative domain.
You can set this right with the --querydevs option of the mkclass or chclass commands.
receive email requesting operator assistance
This right enables class members to receive email when Oracle Secure Backup needs manual intervention. Occasionally, during backups and restores, operator assistance might be required, as when a different volume is required to continue a backup. In such cases, Oracle Secure Backup sends e-mail to all users who belong to classes with this attribute.
You can set this right with the --mailinput option of the mkclass or chclass commands.