Access to functions

Access to functions#

Scopes#

Function access in Bacularis refers to OAuth2 clients. Functions are defined as OAuth2 scopes, and they correspond to general Bacularis API functionalities, such as:

  • jobs

  • directors

  • clients

  • storages

  • devices

  • volumes

  • pools

  • bvfs

  • joblog

  • filesets

  • schedules

  • config

  • actions

  • oauth2

  • basic

  • consoles

Setting scopes in an OAuth2 client account determines which Bacularis API functions the Bacularis Web interface can access. For example, if the OAuth2 client is assigned the jobs and clients scopes, it can retrieve job lists, run backup jobs, and perform restores—but it cannot access volume lists or check storage statuses.

More specifically, each function corresponds to an API endpoint. For instance, the /jobs/ endpoint maps to the jobs scope, and the /volumes/ endpoint maps to the volumes scope.

What scopes to set#

For full access to the Bacularis Web interface, administrators should typically enable all scopes. For users with limited access, you can exclude administrative scopes such as config, actions, oauth2, and basic while including the rest.