Oracle® Secure Backup Reference Release 10.1 Part Number B14236-03 |
|
|
View PDF |
Table B-1 defines the predefined obtool
classes. The rights are described in "Class Rights".
Table B-1 Classes and Rights
Class RIghts | admin | operator | oracle | user | reader |
---|---|---|---|---|---|
browse backup catalogs with this access |
privileged |
notdenied |
permitted |
permitted |
named |
|
all |
all |
owner |
owner |
none |
display administrative domain's configuration |
yes |
yes |
yes |
yes |
no |
|
yes |
yes |
yes |
yes |
yes |
modify administrative domain's configuration |
yes |
no |
no |
no |
no |
|
yes |
yes |
yes |
no |
no |
perform backups as privileged user |
yes |
yes |
no |
no |
no |
|
yes |
yes |
yes |
yes |
no |
|
yes |
yes |
yes |
yes |
no |
|
yes |
yes |
yes |
yes |
no |
perform restores as privileged user |
yes |
yes |
no |
no |
no |
receive email requesting operator assistance |
yes |
yes |
yes |
no |
no |
receive email describing internal errors |
yes |
yes |
yes |
no |
no |
query and display information about devices |
yes |
yes |
yes |
yes |
no |
manage devices and change device state |
yes |
yes |
yes |
no |
no |
list any job, regardless of its owner |
yes |
yes |
no |
no |
no |
modify any job, regardless of its owner |
yes |
yes |
no |
no |
no |
perform Oracle backups and restores |
yes |
no |
yes |
no |
no |
See Also:
"Class Commands"This section describes the rights in Oracle Secure Backup classes.
This right applies to browsing access to the Oracle Secure Backup catalog. The rights are listed in order of decreasing privilege. Your choices are:
privileged
means that users can browse all directories and catalogs.
notdenied
means that users can browse any catalog entries for which they are not explicitly denied access. This option differs from permitted
in that it allows access to directories having no stat record stored in the catalog.
permitted
means that users are bound by normal UNIX rights checking. Specifically, Oracle Secure Backup users can only browse directories if at least one of the following conditions is applicable:
The UNIX user defined in the Oracle Secure Backup identity is listed as the owner of the directory, and the owner has read rights.
The UNIX group defined in the Oracle Secure Backup identity is listed as the group of the directory, and the group has read rights.
Neither of the preceding conditions is met, but the UNIX user defined in the Oracle Secure Backup identity has read rights for the directory.
named
means that users are bound by normal UNIX rights checking, except that others do not have read rights. Specifically, Oracle Secure Backup users can only browse directories if at least one of the following conditions is applicable:
The UNIX user defined in the Oracle Secure Backup identity is listed as the owner of the directory, and the owner has read rights.
The UNIX group defined in the Oracle Secure Backup identity is listed as the group of the directory, and the group has read rights.
none
means that the user has no rights to browse any directory or catalog.
You can set this right with the --browse
option of the mkclass or chclass commands.
This right specifies the type of access to Oracle Database backups made through the SBT interface. The values are as follows:
owner
indicates that the user can access only SBT backups created by the user.
class
indicates that the user can access SBT backups created by any Oracle Secure Backup user in the same class.
all
indicates that the user can access all SBT backups.
none
indicates that the user has no access to SBT backups.
You can set this right with the --orarights
option of the mkclass or chclass commands.
This right allows class members to list objects, for example, hosts, devices, and users, in the administrative domain.
You can set this right with the --listconfig
option of the mkclass or chclass commands.
This right enables class members to modify the password and given name attributes for their own user objects.
You can set this right with the --modself
option of the mkclass or chclass commands.
This right allows class members to edit, that is, create, modify, rename, and remove, all configuration data in an Oracle Secure Backup administrative domain. The data includes the following:
Classes
Users
Hosts
Devices
Defaults and policies
Schedules
Datasets
Media families
Summaries
Backup windows
You can set this right with the --modconfig
option of the mkclass or chclass commands.
This right allows the class member to back up only those files and directories to which the member has access by using either UNIX user and group names or a Windows domain account.
You can set this right with the --backupself
option of the mkclass or chclass commands.
This right enables class members to back up files and directories while acting as a privileged user. A privileged user is root
on UNIX or a member of the Administrators group on Windows.
You can set this right with the --backuppriv
option of the mkclass or chclass commands.
This right enables class members to view the status of scheduled, ongoing, and completed jobs that they create as well as transcripts for jobs that they create.
You can set this right with the --listanyjob
option of the mkclass or chclass commands.
This right enables class members to modify only jobs that they configured.
You can set this right with the --modanyjob
option of the mkclass or chclass commands.
This right enables class members to restore the contents of backup images under the restrictions of the access rights imposed by the user's UNIX name/group or Windows domain/account.
You can set this right with the --restself
option of the mkclass or chclass commands.
This right enables class members to restore the contents of backup images as a privileged user. A privileged user is root
on UNIX and a member of the Administrators group on Windows.
You can set this right with the --restpriv
option of the mkclass or chclass commands.
This right enables class members to receive email when Oracle Secure Backup needs manual intervention. Occasionally, during backups and restores, operator assistance might be required, as when a new tape is required to continue a backup. In such cases, Oracle Secure Backup sends email to all users who belong to classes with this attribute.
You can set this right with the --mailinput
option of the mkclass or chclass commands.
This right enables class members to receive email messages describing errors that occurred in any Oracle Secure Backup activity.
You can set this right with the --mailerrors
option of the mkclass or chclass commands.
This right enables class members to query the state of all storage devices configured within the administrative domain.
You can set this right with the --querydevs
option of the mkclass or chclass commands.
This right enables class members to control the state of devices.
You can set this right with the --managedevs
option of the mkclass or chclass commands.
This right enables class member to view the status of any scheduled, ongoing, and completed jobs as well as transcripts for any job.
You can set this right with the --listanyjob
option of the mkclass or chclass commands.
This right enables class members to make changes to all jobs.
You can set this right with the --modanyjob
option of the mkclass or chclass commands.
This right enables class members to back up and restore Oracle databases. Users with this right are Oracle Secure Backup users that are mapped to operating system accounts of Oracle database installations.
You can set this right with the --orauser
option of the mkclass or chclass commands.