1. Administrator's Guide
  2. Oracle Secure Backup Concepts
  3. Managing Users and Classes

2 Managing Users and Classes

An Oracle Secure Backup user is an administrative domain-wide identity, associated with a username. A class is a named collection of rights assigned to this user.

Note:

Do not confuse this sense of the term class with defaults and policies classes, which are a convenience for grouping defaults and policies related to one functional area of Oracle Secure Backup.

This chapter describes Oracle Secure Backup users and classes and explains how to configure them in your administrative domain.

This chapter contains these sections:

Note:

Before you set up an administrative domain, ensure you have logged into Oracle Secure Backup.

Overview of Oracle Secure Backup Users

Oracle Secure Backup stores information pertaining to Oracle Secure Backup users and rights on the administrative server, enabling Oracle Secure Backup to maintain a consistent Oracle Secure Backup user identity across the administrative domain.

Each user of an Oracle Secure Backup administrative domain has an account and an encrypted password stored on the administrative server. An operating system user can enter his or her Oracle Secure Backup username and password in the Oracle Secure Backup Web tool or obtool. The client program sends the password over an encrypted SSL connection to the administrative server for host authentication.

Note:

The practice of supplying a password in clear text on a command line or in a command script is not recommended by Oracle. It is a security vulnerability. The recommended procedure is to have the user be prompted for the password.

About Operating System Accounts

The namespace for Oracle Secure Backup users is distinct from the namespaces of existing UNIX, Linux, and Windows users. Thus, if you log in to a host in the administrative domain as operating system user johndoe, and if an Oracle Secure Backup user in the administrative domain is named johndoe, then these accounts are separately managed even though the name is the same. For convenience, you might want to create an Oracle Secure Backup user with the same name and password as an operating system user.

When you create an Oracle Secure Backup user, you can associate it with Linux, UNIX and Windows accounts. You can use one of these accounts for a backup operation that does not run with root privileges, also known as an unprivileged backup operation. In contrast, privileged backup and restore operations run on a client with root permissions on Linux and UNIX or Local System permissions on Windows.

Assume you create the Oracle Secure Backup user jdoe and associate it with UNIX account x_usr and Windows account w_usr. When jdoe uses the backup --unprivileged command to back up a client in the administrative domain, the job runs under the operating system accounts associated with jdoe. Thus, jdoe can only back up files on a UNIX client accessible to x_usr and files on a Windows client accessible to w_usr.

If you have the modify administrative domain's configuration right, then you can configure the preauthorization attribute of an Oracle Secure Backup user. You can preauthorize operating system users to make RMAN backups or log in to Oracle Secure Backup command-line utilities. For example, you can preauthorize the x_usr UNIX user to log in to obtool as Oracle Secure Backup user jdoe.

See Also:

Oracle Secure Backup Reference for more information about the modify administrative domain's configuration right

Note:

On Windows, Oracle Secure Backup stores the Windows name, password, and domain for each account. This data is communicated to the required client host over an encrypted SSL channel.

About NDMP Hosts

When setting up an Oracle Secure Backup user account, you can configure user access to an NDMP host, which is a device such as a filer that does not run NDMP natively. Passwords for NDMP hosts are associated with the host instead of the user. You can configure the host to use the default NDMP password, a user-defined text password, or a null password. You can also configure a password authentication method such as text or MD5-encrypted.

Note:

The practice of supplying a password in clear text on a command line or in a command script is not recommended by Oracle. It is a security vulnerability. The recommended procedure is to have the user be prompted for the password.

About User Configuration

When you ran installob on the administrative server, Oracle Secure Backup created the admin user by default. Unless you chose to create the oracle user for use in backing up and recovering Oracle Databases, no other Oracle Secure Backup users exist in the administrative domain.

After installation, you can create more Oracle Secure Backup users or manage the attributes of individual Oracle Secure Backup users. The following user attributes are particularly important:

  • Preauthorizations

    You can preauthorize an operating system user to log in to the user-invoked Oracle Secure Backup command-line utilities. You must preauthorize an operating system user to make Oracle Database SBT backups through RMAN.

    A preauthorization for an operating system user is associated with a specific Oracle Secure Backup user. For example, you can enable the Linux user johndoe to log in to obtool as the Oracle Secure Backup user named backup_admin. You could also preauthorize johndoe to run RMAN backups under the backup_admin identity.

  • Operating system accounts for unprivileged backups

    An unprivileged backup is a file-system backup of a client that does not run on the operating system as root on UNIX and Linux or as a member of the Administrators group on Windows. You must specify which operating system accounts are used for unprivileged backups.

    See Also:

About Oracle Secure Backup Password Policies

Every time you log on to Oracle Secure Backup, you must enter a valid user name and user password. Oracle Secure Backup enables you to manage your user passwords and their lifetime by choosing appropriate security settings. You can configure the global password settings, that apply to all users, while setting the global security policies. You also have the choice to specify user-specific settings while creating an Oracle Secure Backup user. When password settings are not specified for a particular user, the global security password policies are automatically applied. When password settings are specified while creating a user, the user-specific settings override the global password settings.

You can configure and modify the following settings to manipulate the lifetime of your password:

Password Lifetime

Password lifetime is the length of time, measured in number of days, for which an Oracle Secure Backup user password is valid. Once the stated lifetime of a password expires, you are asked to change the password.

However, if password grace time has been set, you are allowed to log on using the current password for a limited number of days, after it's validity has expired.

You can also disable the password lifetime, in which case the password will never expire. The Oracle Secure Backup Web tool enables you to set the password lifetime for an Oracle Secure Backup user.

Password Grace Time

Password grace time is the length of time, measured in number of days, for which an Oracle Secure Backup user can continue to log on to Oracle Secure Backup, after the validity of the current password has expired. The user receives a warning message while logging in, during the period for which the grace time has been set, indicating that the password will expire after the grace time ends. If you do not change your password by the time the set grace time ends, you are forced to change your password when you attempt to log on. You can choose to disable the password grace time in which case no grace time will be provided for that user.

Assume that you create an Oracle Secure Backup user scott and set the password lifetime to 60 days and the password grace time to 6 days. During the first Oracle Secure Backup login after the user password has expired, you will receive a message saying the current password has expired and you are recommended to change your password. You will not be forced to change the password immediately, but if you do not change the password, you will continue to receive the same message for the next six days as that is your password grace time. If the password is not changed even after the grace time expires, you will be presented with a password change screen during the next login. Once you change the password, you will be redirected to the user interface.

Password Reuse Time

Password reuse time is the duration, in number of days, that must elapse before you may reuse a previously-used Oracle Secure Backup password. You can choose to disable the password reuse time, in which case the password can never be reused.

Forcing a Password Change

You can force an Oracle Secure Backup user to change their current password, if required. The user must implement the forced password change, regardless of the password settings that were set during the user configuration.

Note:

To modify Oracle Secure Backup users, you must be a member of a class that has this right enabled. See "Overview of Oracle Secure Backup Classes and Rights" for details.

Overview of Oracle Secure Backup Classes and Rights

An Oracle Secure Backup class defines a set of rights granted to an Oracle Secure Backup user. A class is similar to a Linux or UNIX group, but it defines a finer granularity of access rights tailored to the needs of Oracle Secure Backup.

As shown in Figure 2-1, you can assign multiple Oracle Secure Backup users to a class. Each Oracle Secure Backup user can be a member of only one class.

Figure 2-1 Classes and Rights

Description of Figure 2-1 follows
Description of "Figure 2-1 Classes and Rights"

The following classes are key to understanding Oracle Secure Backup user rights:

  • admin

    This class is used for overall management of an administrative domain. The admin class has all the rights needed to modify administrative domain configurations and perform backup and restore operations.

  • operator

    This class is used for standard day-to-day operations. The operator class lacks configuration rights but has all the rights needed for backup and restore operations. It also allows the Oracle Secure Backup user to query the state of any primary or secondary storage device and to control the state of these devices.

  • oracle

    This class is similar to the operator class. The oracle class has all rights necessary to modify Oracle Database configuration settings and to perform Oracle Database backups. Class members are usually Oracle Secure Backup users that are mapped to operating system accounts of Oracle Database installations.

  • user

    This class gives Oracle Secure Backup users permission to interact in a limited way with their domains. This class is reserved for Oracle Secure Backup users who must browse their own data within the Oracle Secure Backup catalog and perform user-based restore operations.

  • reader

    This class enables Oracle Secure Backup users only to modify the given name and password for their user account and to browse their own catalog. Users in the reader class must know the exact restore path that they own, because they are not even able to see a listing of what hosts belong to the Oracle Secure Backup administrative domain.

    When creating a user in the reader class, you must map the user to a valid operating system user and group.

  • monitor

    This class enables Oracle Secure Backup users only to access Oracle Database backups, access file-system backups, display the administrative domain configuration, list all jobs, and display information about devices. Users in this class cannot perform backup or restore operations, modify the administrative domain, or receive email notifications.

    An Oracle Secure Backup user assigned to the monitor class is necessary as the OSB username parameter in Oracle Secure Backup target registration within Oracle Enterprise Manager.

See Also:

Managing Users

Oracle Secure Backup users are managed in their own namespace, distinct from operating system users. This section describes how to create and manage an Oracle Secure Backup user with the Web tool.

This section contains these topics:

See Also:

"About Operating System Accounts"

Displaying the Oracle Secure Backup Web Tool Home Page

Accessing the Oracle Secure Backup web tool home page is the first step in performing all Oracle Secure Backup backup and restore operations.

To access the Oracle Secure Backup web tool home page:

  1. Enter the URL of your Oracle Secure Backup web tool for your host in your web browser. The URL for the interface should have its format as https://hostname:portnumber.
  2. Add the security certificate for this URL and confirm the security exception on the Security Alert page to proceed.
  3. Enter your administrative credentials on the Oracle Secure Backup Login page. Enter your username and your administrative user password in the User Name and Password fields, respectively.

    The Oracle Secure Backup: Home Page appears as shown in the following figure.

    Figure 2-2 Oracle Secure Backup Home Page

    Description of Figure 2-2 follows
    Description of "Figure 2-2 Oracle Secure Backup Home Page"

Displaying the Users Page

To display the Users page:

  1. Follow the steps in "Displaying the Oracle Secure Backup Web Tool Home Page".

    The Oracle Secure Backup: Home Page appears

  2. Click Configure.
  3. On the Configure page, click Users to display the Users page, which is shown in Figure 2-3. This page lists all users authorized by Oracle Secure Backup along with their class names and email addresses. You can perform all user configuration tasks in this page or in pages to which it provides links.

Figure 2-3 Users Page

Description of Figure 2-3 follows
Description of "Figure 2-3 Users Page"

See Also:

Oracle Secure Backup Reference to learn about the user commands in obtool

Adding a User

You can use the Web tool to define an Oracle Secure Backup user. Each Oracle Secure Backup user account belongs to exactly one class, which defines the rights of the Oracle Secure Backup user.

To add one or more users:

  1. Follow the steps in "Displaying the Users Page".

    The Configure: Users page appears.

  2. Click Add.

    The Configure: Users > New Users page appears.

  3. Enter a user name in the User field.

    The name you enter must start with an alphanumeric character. It can contain only letters, numerals, dashes, underscores, or periods. The maximum character length that you can enter is 31 characters.

    The user name must be unique among all Oracle Secure Backup user names. Formally, it is unrelated to any other name used in your computing environment or the Oracle Secure Backup administrative domain. Practically, it is helpful to choose Oracle Secure Backup user names that are identical to operating system user names.

  4. Enter a password in the Password field.

    This password is used to log in to Oracle Secure Backup. The maximum character length that you can enter is 16 characters.

    Note:

    The practice of supplying a password in clear text on a command line or in a command script is not recommended by Oracle. It is a security vulnerability. The recommended procedure is to have the Oracle Secure Backup user be prompted for the password.

  5. Select a class in the User class list.

    A class defines a set of rights.

    See Also:

    "Overview of Oracle Secure Backup Classes and Rights"

  6. Enter a name for the Oracle Secure Backup user in the Given name box.

    This step is optional. The given name is for information purposes only.

  7. Enter a UNIX name for this account in the UNIX name field.

    This name forms the identity of any non-privileged jobs run by the Oracle Secure Backup user on UNIX systems. If you do not want this Oracle Secure Backup user to run Oracle Secure Backup jobs on UNIX systems, then leave this field blank.

  8. Enter a UNIX group name for this account in the UNIX group field.

    This name forms the identity of any non-privileged jobs run by the Oracle Secure Backup user on UNIX systems. If you do not want this Oracle Secure Backup user to run Oracle Secure Backup jobs on UNIX systems, then leave this field blank.

  9. Select yes in the NDMP server user list to request that NDMP servers in the Oracle Secure Backup administrative domain accept a login from this Oracle Secure Backup user by using the supplied user name and password.

    This option is not required for normal Oracle Secure Backup operation and is typically set to no.

  10. Enter the email address for the Oracle Secure Backup user in the Email Address field.

    When Oracle Secure Backup communicates with this user, for example to deliver a job summary or notify the user of a pending input request, it sends email to this address.

  11. Enter the duration of the password grace time in the Password grace time field. You can select the system default which is 3 days.

  12. Enter the duration of the password lifetime in the Password lifetime field. You can select the system default which is 180 days.

  13. Enter the duration of the password reuse time in the Password reuse time field. You can select the system default which is 1 year.

    See Also:

    "About Oracle Secure Backup Password Policies" for detailed description of the available password settings

  14. Click Apply, OK, or Cancel.

  15. If the Oracle Secure Backup user you configured must initiate backup and restore operations on Windows clients, then see "Assigning Windows Account Information".

Editing or Displaying User Properties

This section explains how to modify properties for an existing user account.

Note:

To modify Oracle Secure Backup users, you must be a member of a class that has this right enabled. See "Overview of Oracle Secure Backup Classes and Rights" for details.

To edit Oracle Secure Backup user properties:

  1. Follow the steps in "Displaying the Users Page".

    The Configure: Users page appears.

  2. Select an Oracle Secure Backup user whose properties you want to modify from the User Name list.

  3. Click Edit.

    The Configure: Users > user_name page appears.

  4. Edit the required user properties.

    See Also:

    "Adding a User" for information on setting user properties

    You cannot change the name of an Oracle Secure Backup user on this page. To rename an Oracle Secure Backup user, see "Renaming a User".

  5. Click Apply to apply the changes and remain on the Configure: Users > user_name page.

  6. Click OK to apply the changes and return to the Configure: Users page.

  7. Click Cancel to return to the Configure: Users page without making any changes.

  8. If the Oracle Secure Backup user you configured must initiate backup and restore operations on Windows clients, then see "Assigning Windows Account Information".

Changing a User Password

This section explains how to modify the password for an existing user account.

Note:

To modify Oracle Secure Backup users, you must be a member of a class that has this right enabled. See "Overview of Oracle Secure Backup Classes and Rights" for details.

To change an Oracle Secure Backup user password:

  1. Follow the steps in "Displaying the Users Page".

    The Configure: Users page appears.

  2. From the Users page, select an Oracle Secure Backup user from the User name list.

  3. Click Change Password.

    The Configure: Users > user_name page appears.

  4. Enter a password.

  5. Confirm the password.

  6. Click OK or Cancel.

Note:

The practice of supplying a password in clear text on a command line or in a command script is not recommended by Oracle. It is a security vulnerability. The recommended procedure is to have the Oracle Secure Backup user be prompted for the password.

Configuring a User in an Administrative Domain

It is recommended that you follow these steps to set up and manage Oracle Secure Backup users in your administrative domain:

  1. Add Oracle Secure Backup users by following the steps in "Adding a User", if necessary.
  2. Change the admin password if necessary.

    You set the original password when you installed Oracle Secure Backup on the administrative server. "Changing a User Password" describes this task.

    See Also:

    "About Oracle Secure Backup Password Policies" for more information about the available password settings

  3. Review the attributes of each Oracle Secure Backup user.

    "Editing or Displaying User Properties" describes this task.

  4. Configure preauthorization and account settings for unprivileged backups if necessary.

Assigning Windows Account Information

This section explains how to configure Windows account information for a user who must initiate backups and restore operations on Windows systems. You can associate an Oracle Secure Backup user with multiple Windows domain accounts or use a single account that applies to all Windows domains.

To assign Windows account information to an Oracle Secure Backup user:

  1. Follow the steps in "Displaying the Users Page".

    The Configure: Users page appears.

  2. Select an Oracle Secure Backup user in the User Name list.

  3. Click Edit.

    The Configure: Users > user_name page appears.

  4. Click Windows Domains.

    The Configure: Users > user_name > Windows Domains page appears.

  5. Enter a Windows domain name in the Domain name field.

    Enter an asterisk (*) in this field to associate this Oracle Secure Backup user with all Windows domains.

  6. Enter the account information for a Windows user in the Username and Password fields.

  7. Click Add to add the Windows account information.

    The page displays a success message, and account information appears in the Domain:Username list.

Note:

The practice of supplying a password in clear text on a command line or in a command script is not recommended by Oracle. It is a security vulnerability. The recommended procedure is to have the Oracle Secure Backup user be prompted for the password.

Removing a Windows Account

You can use the Web tool to remove Windows account information from an Oracle Secure Backup user account.

To remove a Windows account:

  1. From the Windows Domain page, select a Windows account in the Domain: Username list.

  2. Click Remove.

    The Configure: Users > user_name > Windows Domains page displays a message informing you that the Windows account was successfully removed.

Assigning Preauthorized Access

This section explains how to give access to Oracle Secure Backup services and data to a specified operating system user. You can preauthorize Oracle Database SBT backups through RMAN or preauthorize login to the user-invoked Oracle Secure Backup command-line utilities.

Oracle Secure Backup preauthorizes access only for a specified operating system user on a specified host. For each host within an Oracle Secure Backup administrative domain, you can declare one or more one-to-one mappings between operating system user and Oracle Secure Backup user identities.

You can create a preauthorization only if you have the modify administrative domain's configuration right. Typically, only an Oracle Secure Backup user in the admin class has this right.

See Also:

Oracle Secure Backup Reference for more information about the modify administrative domain's configuration right

To assign preauthorized access:

  1. Follow the steps in "Displaying the Users Page".

    The Configure: Users page appears.

  2. Select an Oracle Secure Backup user in the User Name list.

  3. Click Edit.

    The Configure: Users > user_name page appears.

  4. Click Preauthorized Access.

    The Configure: Users > user_name > Preauthorized Access page appears.

  5. In the Hosts list, select either all hosts or the name of the host to which the operating system user is granted preauthorized access.

  6. In the OS username field, enter the operating system user account with which the Oracle Secure Backup user should access services and data. Enter an asterisk (*) or leave blank to select all operating system users.

  7. In the Windows domain name field, enter the Windows domain to which the operating system user belongs. The Windows domain is only applicable to preauthorized logins from a Windows host. Enter an asterisk (*) or leave blank to select all domains.

    If you enter a Windows account name in the OS username field, then you must enter an asterisk, leave the box blank, or enter a specific domain.

  8. In the Attributes list, select cmdline, rman, or both.

    You can select both attributes by clicking one of them and then shift-clicking the other.

    The cmdline attribute preauthorizes login through the user-invoked Oracle Secure Backup command-line utilities such as obtool. The rman attribute preauthorizes Oracle Database SBT backups through RMAN.

  9. Click Add.

    The page displays a success message, and the preauthorized Oracle Secure Backup user appears in the list.

    See Also:

    "Creating a Preauthorized Oracle Secure Backup User" for more details about RMAN preauthorization

Removing Preauthorized Access

You can remove a preauthorization only if you have the modify administrative domain's configuration right. Typically, only an Oracle Secure Backup user in the admin class has this right.

To remove preauthorized access:

  1. From the Configure: Users > user_name > Preauthorized Access page, select the preauthorized access entry you want to remove in the main text pane.

  2. Click Remove.

    The preauthorized access entry is no longer displayed in the main text pane.

Renaming a User

You must have the modify administrative domain's configuration right to rename an Oracle Secure Backup user.

To rename an Oracle Secure Backup user:

  1. Follow the steps in "Displaying the Users Page".

    The Configure: Users page appears.

  2. Select the Oracle Secure Backup user whose name you want to change from the User Name list.

  3. Click Rename.

    A different page appears.

  4. Enter the name in the Rename user_name to field and click Yes.

    The Configure: Users page displays a success message, and the Oracle Secure Backup user has a different name in the User Name list

Removing a User

You must have the modify administrative domain's configuration right to remove an Oracle Secure Backup user.

To remove an Oracle Secure Backup user:

  1. Follow the steps in "Displaying the Users Page".

    The Configure: Users page appears.

  2. Select the Oracle Secure Backup user you want to remove from the User Name list.

  3. Click Remove.

    A confirmation page appears.

  4. Click Yes to remove the Oracle Secure Backup user.

    You are returned to the Configure: Users page. A message appears telling you the Oracle Secure Backup user was successfully removed.

Managing Classes

A class defines a set of rights that are granted to a user. A class can include multiple Oracle Secure Backup users, but each Oracle Secure Backup user is a member of one and only one class. In most cases, the default classes are sufficient.

This section contains these topics:

See Also:

"Overview of Oracle Secure Backup Classes and Rights"

Displaying the Classes Page

To display the Oracle Secure Backup: Classes Page:

  1. Follow the steps in "Displaying the Oracle Secure Backup Web Tool Home Page".
  2. Click Configure.
  3. In the Advanced section of the Configure page, click Classes to display the Configure: Classes page, as shown in Figure 2-4. You can use this page to manage existing classes or configure additional classes.

Figure 2-4 Classes Page

Description of Figure 2-4 follows
Description of "Figure 2-4 Classes Page"

See Also:

Oracle Secure Backup Reference to learn about the class commands in obtool

Adding a Class

Oracle Secure Backup creates default classes when the administrative domain is first initialized. You can use these classes or create your own.

To add a class:

  1. Follow the steps in "Displaying the Classes Page"

    The Configure: Classes page appears.

  2. Click Add.

    The Configure: Classes > New Classes page appears. This page lists class rights options.

  3. Enter a name for the class in the Class field.

    The name you enter must start with an alphanumeric character. It can contain only letters, numerals, dashes, underscores, or periods. The maximum character length is 127 characters.

    The class name must be unique among all Oracle Secure Backup class names. It is unrelated to any other name used in your computing environment or the Oracle Secure Backup administrative domain.

  4. Select the rights to grant to this class.

    See Also:

    Oracle Secure Backup Reference for a detailed explanation of these rights

  5. Click Apply or OK.

    The Configure: Classes page displays a success message, and your additional class appears in the list of classes.

Editing or Displaying Class Properties

To modify existing classes, you must have the modify administrative domain's configuration right. When you change the class that an Oracle Secure Backup user belongs to or modify the rights of such a class, changes do not take effect until the user exits from the Oracle Secure Backup component currently in use.

See Also:

Oracle Secure Backup Reference for more information about the modify administrative domain's configuration right

To edit a class:

  1. Follow the steps in "Displaying the Classes Page"

    The Configure: Classes page appears.

  2. Select the name of the class to edit in the Class Name list.

  3. Click Edit.

    The Configure: Classes > class_name page appears with details for the class you selected.

  4. Make the required changes.

    You cannot rename a class from this page. To rename a class, see "Renaming a Class".

  5. Click Apply to apply your changes and remain on the Configure: Classes > class_name page.

  6. Click OK to apply your changes and return to the Configure: Classes page.

  7. Click Cancel to return to the Configure: Classes page without making any changes.

Removing a Class

You cannot remove a class to which a user currently belongs. Instead, you must reassign or delete all existing members of a class before the class can be removed.

To remove a class:

  1. Follow the steps in "Displaying the Classes Page"

    The Configure: Classes page appears.

  2. Select the class to be removed in the Class Name list.

  3. Click Remove.

    A confirmation page appears.

  4. Click Yes.

    The Configure: Classes page displays a success message, and the class is gone from the Class Name list.

Renaming a Class

You must have the modify administrative domain's configuration right to rename a class.

To rename a class:

  1. Follow the steps in "Displaying the Classes Page"

    The Configure: Classes page appears.

  2. Select the class to rename in the Class Name list.

  3. Click Rename.

    A different page appears.

  4. Enter the name for the class in the Rename class_name to field and click Yes.

    The Configure: Classes page displays a success message, and the class appears with its different name in the Class Name list.

Managing Defaults and Policies

Defaults and policies control how Oracle Secure Backup operates within an administrative domain. Defaults and policies are divided into classes, depending upon what area of functionality they control. Each policy has a default setting, which you can modify based on your business or backup requirement.

See Also:

"About Defaults and Policies" for more information about the classification of policy classes

This section contains these topics:

Viewing Configured Defaults and Policies Values

To view the Oracle Secure Backup: Defaults and Policies Page:

  1. Follow the steps in "Displaying the Oracle Secure Backup Web Tool Home Page".
  2. Click Configure.
  3. In the Advanced section of the Configure page, click Defaults and Policies to display the page shown in Figure 2-5. This page lists the policy classes.

Figure 2-5 Defaults and Policies Page

Description of Figure 2-5 follows
Description of "Figure 2-5 Defaults and Policies Page"

See Also:

Oracle Secure Backup Reference to learn about the policy commands in the obtool command-line interface and the descriptions of the defaults and policies

Setting a Policy

Before changing a policy setting, refer to the "Defaults and Policies" chapter in Oracle Secure Backup Reference. This chapter contains extensive descriptions of the policies and describes valid settings. You should not ordinarily be required to change the default settings.

To change a policy setting:

  1. Follow the steps in "Viewing Configured Defaults and Policies Values".

  2. In the Policy column on the Defaults and Policies page, click the name of the policy class to be edited. For example, click scheduler.

    The policy_name page appears. Figure 2-6 shows the Scheduler page.

    Figure 2-6 Unmodified Scheduler Page

    Description of Figure 2-6 follows
    Description of "Figure 2-6 Unmodified Scheduler Page"

  3. Change the settings of one or more policies.

  4. Do one of these:

    • Click Apply to remain on this page.

    • Click OK to save the changes and return to the Defaults and Policies page.

    When you change a policy setting from its default, the Web tool displays the default value for the policy in the Reset to Default Value column.

Resetting a Policy

You can use the Web tool to reset the value of one or more Oracle Secure Backup policies to the default value.

To reset a policy:

  1. Follow the steps in "Viewing Configured Defaults and Policies Values".

  2. In the Policy column on the Defaults and Policies page, click the name of the policy class that contains the policy to be reset.

  3. Select the Reset to Default Value column for the policy that you are resetting.

  4. Click Apply or OK.