About Administrator Permissions - HP BB118BV - StorageWorks Data Protector Express Package User Manual

Thus your ability to set up separate Data Protector Express management domains is limited by the
number of backup devices you have and their respective locations on separate machines. For
example, to set up two catalogs, you would require at least two separate PC desktops or file or
application servers, each with at least one backup device.
Within a single Data Protector Express management domain, must some users be prevented access to
•
some data?
Multiple groups may share a single tape drive or backup device and thus are members of the same
Data Protector Express management domain. However, there may be reasons to allow these groups to
work with only their own data. For example, an accounting group may share a common tape drive
with a personnel group, although neither can be allowed access to the files and directories of the other
group.
The security needs of these situations can be addressed by carefully assigning permissions,
particularly to the machines, backup devices, media, volumes and directories.
Should access to certain functions be limited?
•
You may wish to distribute certain backup tasks to various users or groups. For example, each group
might be responsible for its own daily backup jobs and archive jobs. On the other hand, access to
certain Data Protector Express features may need to be limited. Users might be able to create tapes,
for example, but not restore files to disk or delete files on disk. Alternatively, you may want users to
run jobs you create, but not create their own jobs.
The security needs of these situations can be addressed by carefully assigning users select
permissions to various objects in the catalog. For example, you might assign permission to write files
to tapes, but not to volumes, thus preventing restore jobs from running.
Data Protector Express administrators have unlimited access to all of the objects in the catalog.
Any user who logs on as the Data Protector Express administrator will have complete access to all of the
files and machines on the catalog.
The most powerful user in any catalog is the Data Protector Express administrator. Because Data
Protector Express administrators are granted supervisor rights to the System Container, they have
unlimited access to all of the objects in the catalog. Any user who logs on as the Data Protector Express
administrator will have complete access to all of the files and machines on the catalog.
Your first security step should be to change the Data Protector Express administrator's password. Click
on the Security page. Select the Admin user. Select Change Password... from the Security menu. Type
in the new administrator's password, enter it again to confirm and click OK. Do not continue until you
have changed this password.
The only difference between the Data Protector Express administrator (Admin) and other users is that the
Data Protector Express administrator has Supervisor rights to the root object in the Data Protector
Express hierarchy, that is, the System Container. You may also create additional Data Protector Express
administrators as well as rename the Admin user.
Do NOT delete Admin unless you assign Supervisor or Access permission to the System
Container to another user.