Chapter 13: Advanced Permissions And Security; Overview - HP BB118BV - StorageWorks Data Protector Express Package User Manual

This section provides a detailed summary of Data Protector Express's extensive security system. If it is
your responsibility to manage the security of your Data Protector Express catalog and you are working
with sensitive data, this section can help you set up a complex security system that meets your particular
security needs.
Adding New Users and Groups
•
Effective Permissions
•
Permissions Reference
•

Overview

Permissions control what actions a user is allowed to perform within a given Data Protector Express
management domain. Users can be given extensive or limited permissions, allowing the Data Protector
Express administrator to distribute backup duties to various users and groups. This allows for a flexible,
non-centralized backup system while providing the highest degree of security for the network.
How your security is arranged depends on your unique security needs. Before setting up your security
system, consider the following questions:
Is more than one Data Protector Express management domain required?
•
Setting up separate Data Protector Express management domains can provide a high level of
security. If your security needs require that access to some data be strictly limited, setting up a
separate catalog is often the simplest way to achieve this.
Data cannot be shared between storage domains without using advanced procedures. Media from one
catalog must be imported into a new catalog before the data on it can be read or used. When it is
imported, Data Protector Express requires the media password, if set. If you assigned the media a
password when it was created, the media cannot be imported without that password.
If you do not assign the media a password, the media can be easily imported into any catalog. As a
result, the data is actually less secure when there are two or more catalogs than it would be with just
one catalog. If you are relying on multiple catalogs for security purposes, make sure that each created
media is assigned a password.
There may be, however, some limitations on the number of catalogs you can set up. In particular,
machines (file or application servers and PC desktops) can only be an object in one catalog. Similarly,
volumes can only belong to one Data Protector Express management domain. Files in one Data
Protector Express management domain cannot, without importing the media, be shared with catalog
objects in other Data Protector Express management domains.