Oracle® Secure Backup Reference Release 10.1 Part Number B14236-03
Purpose
Use the mkclass command to define a user class.
Oracle Secure Backup predefines a number of classes, which are described in Appendix B, "Classes and Rights".
See Also:
"Class Commands" for related commands
Prerequisites
You must have the modify administrative domain's configuration right to use the mkclass command.
Syntax
mkclass::=
mkcl•ass
[ --modself/-m { yes | no } ] [ --modconfig/-M { yes | no } ]
[ --backupself/-k { yes | no } ] [ --backuppriv/-K { yes | no } ]
[ --restself/-r { yes | no } ] [ --restpriv/-R { yes | no } ]
[ --listownjobs/-j { yes | no } ] [ --modownjobs/-J { yes | no } ]
[ --listanyjob/-y { yes | no } ] [ --modanyjob/-Y { yes | no } ]
[ --mailinput/-i { yes | no } ] [ --mailerrors/-e { yes | no } ]
[ --querydevs/-q { yes | no } ] [ --managedevs/-d { yes | no } ]
[ --listconfig/-L { yes | no } ] [ --browse/-b browserights ]
[ --orauser/-o { yes | no } ] [ --orarights/-O oraclerights ]
classname...
Semantics
The default for all mkclass options that require a yes or no value is no.
--modself/-m { yes | no }
Enables users to modify their own password and given name.
--modconfig/-M { yes | no }
Enables users to modify (create, modify, rename, and remove) all objects in an Oracle Secure Backup administrative domain. These modifiable objects include objects representing classes, users, hosts, devices, defaults, and policies.
--backupself/-k { yes | no }
Enables users to run backups under their own user identity.
--backuppriv/-K { yes | no }
Enables users to run backups as the root or privileged user.
--restself/-r { yes | no }
Enables users to restore the contents of backup images under the restrictions of the access rights imposed by the user's UNIX name/group or Windows domain/account.
--restpriv/-R { yes | no }
Enables users to restore the contents of backup images as a privileged user. On Linux and UNIX hosts, a privileged restore operation runs under the root operating system identity. For example, Oracle Secure Backup user joeblogg runs under operating system account root. On Windows systems, the restore operation runs under the same account as the Oracle Secure Backup service on the Windows client.
--listownjobs/-j { yes | no }
Grants users the right to view the following:
Status of scheduled, ongoing, and completed jobs that they configured
Transcripts for jobs that they configured
--modownjobs/-J { yes | no }
Grants users the right to modify only jobs that they configured.
--listanyjob/-y { yes | no }
Grants users the right to view the following:
Status of any scheduled, ongoing, and completed jobs
Transcripts for any job
--modanyjob/-Y { yes | no }
Grants users the right to make changes to all jobs.
--mailinput/-i { yes | no }
Enables users to receive email when Oracle Secure Backup needs manual intervention. Occasionally, during backup and restore operations, manual intervention of an operator is required. This situation can occur if a required volume cannot be found or a new tape is required to continue a backup. In such cases, Oracle Secure Backup sends email to all users who belong to classes having this right.
--mailerrors/-e { yes | no }
Enables users to receive email messages describing errors that occur during Oracle Secure Backup activity.
--querydevs/-q { yes | no }
Enables users to query the state of devices.
--managedevs/-d { yes | no }
Enables users to control the state of devices by means of the obtool command.
--listconfig/-L { yes | no }
Enables users to list objects, for example, hosts, devices, and users, in the administrative domain.
--browse/-b browserights
Grants users browsing rights. Specify one of the following browserights values, which are listed in order of decreasing privilege:
privileged means that users can browse all directories and catalogs.
notdenied means that users can browse any catalog entries for which they are not explicitly denied access. This option differs from permitted in that it allows access to directories having no stat record stored in the catalog.
permitted means that users are bound by normal UNIX permissions checking (default). Specifically, Oracle Secure Backup users can only browse directories if at least one of the following conditions is applicable:
The UNIX user defined in the Oracle Secure Backup identity is listed as the owner of the directory, and the owner has read rights.
The UNIX group defined in the Oracle Secure Backup identity is listed as the group of the directory, and the group has read rights.
Neither of the preceding conditions is met, but the UNIX user defined in the Oracle Secure Backup identity has read rights for the directory.
named means that users are bound by normal UNIX rights checking, except that others do not have read rights. Specifically, Oracle Secure Backup users can only browse directories if at least one of the following conditions is applicable:
The UNIX user defined in the Oracle Secure Backup identity is listed as the owner of the directory, and the owner has read rights.
The UNIX group defined in the Oracle Secure Backup identity is listed as the group of the directory, and the group has read rights.
none means that no user has any rights to browse any directory or catalog.
--orauser/-o { yes | no }
Enables users to perform Oracle backup and restore operations (yes or no). This right enables users to perform any SBT operation, regardless of what other rights they have. For example, a user with this right can perform SBT restore operations even if the perform restores as self right is set to no.
--orarights/-O oraclerights
Enables users with the specified rights to access Oracle database backups. The oraclerights placeholder can be any of the following values:
class means that users can access SBT backups created by any Oracle Secure Backup user in the same class.
all means that users can access all SBT backups.
none means that users have no rights to access SBT backups.
owner means that users can access only those SBT backups that they themselves have created (default).
classname
Specifies the name of the class to be created. Class names are case-sensitive and must start with an alphanumeric character. They can contain only letters, numerals, dashes, underscores, and periods (no spaces). They may contain at most 127 characters.
Example
Example 2-80 creates a class called backup_admin. The command accepts the default value of no for --listownjobs, --modownjobs, --listanyjob, --modanyjob, --managedevs, --orauser, and --orarights. Note that because of space constraints the mkclass command in the example spans multiple lines.
Example 2-80 Making a Class
ob> mkclass --listconfig yes --modself yes --modconfig yes --backupself yes
--backuppriv yes --restself yes --restpriv yes --mailinput yes --mailerrors yes
--querydevs yes --browse privileged backup_admin
ob> lsclass --long backup_admin
backup_admin:
    browse backup catalogs with this access:            privileged
    access Oracle backups:                              owner
    display administrative domain's configuration:      yes
    modify own name and password:                       yes
    modify administrative domain's configuration:       yes
    perform backups as self:                            yes
    perform backups as privileged user:                 yes
    list any jobs owned by user:                        no
    modify any jobs owned by user:                      no
    perform restores as self:                           yes
    perform restores as privileged user:                yes
    receive email requesting operator assistance:       yes
    receive email describing internal errors:           yes
    query and display information about devices:        yes
    manage devices and change device state:             no
    list any job, regardless of its owner:              no
    modify any job, regardless of its owner:            no
    user can perform Oracle backups and restores:       no
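The following is an added example, not part of the Oracle documentation: a least-privilege review that parses lsclass --long output in the format of Example 2-80 and reports, per class, which mkclass options grant a high-privilege right. The set of rights flagged, the function names, and the db_operator class are assumptions of this example.

```python
# Labels are those printed by `lsclass --long` in Example 2-80; treating these
# values as high-privilege is this example's assumption, drawn from Semantics.
HIGH_PRIVILEGE = {
    "modify administrative domain's configuration": ("yes", "--modconfig"),
    "perform backups as privileged user": ("yes", "--backuppriv"),
    "perform restores as privileged user": ("yes", "--restpriv"),
    "modify any job, regardless of its owner": ("yes", "--modanyjob"),
    "browse backup catalogs with this access": ("privileged", "--browse"),
    "user can perform Oracle backups and restores": ("yes", "--orauser"),
    "access Oracle backups": ("all", "--orarights"),
}

def parse_lsclass(text):
    """Parse `lsclass --long` output into {classname: {label: value}}."""
    classes, current = {}, None
    for line in filter(str.strip, text.splitlines()):
        if not line[0].isspace() and line.rstrip().endswith(":"):
            current = classes.setdefault(line.strip()[:-1], {})  # "name:" header
        elif current is not None and ":" in line:
            label, value = line.rsplit(":", 1)  # value follows the last colon
            current[label.strip()] = value.strip()
    return classes

def audit(text):
    """Return {classname: sorted options that grant a high-privilege right}."""
    return {name: sorted(opt for label, (risky, opt) in HIGH_PRIVILEGE.items()
                         if rights.get(label) == risky)
            for name, rights in parse_lsclass(text).items()}

def sbt_restore_bypass(rights):
    """--orauser yes allows SBT restores even when 'perform restores as self' is no."""
    return (rights.get("user can perform Oracle backups and restores") == "yes"
            and rights.get("perform restores as self") == "no")

# backup_admin lines are abridged from Example 2-80; db_operator is constructed.
SAMPLE = """\
backup_admin:
    browse backup catalogs with this access:            privileged
    access Oracle backups:                              owner
    modify administrative domain's configuration:       yes
    perform backups as privileged user:                 yes
    perform restores as privileged user:                yes
    user can perform Oracle backups and restores:       no
db_operator:
    access Oracle backups:                              all
    perform restores as self:                           no
    user can perform Oracle backups and restores:       yes
"""

print(audit(SAMPLE))
```

The db_operator result shows the case called out under --orauser: the class can restore through SBT although its perform restores as self right is no, so reviewing --restself and --restpriv alone misses it.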