Access to Bacula resources

Basics

There is possible to limit access to Bacula resources to give specific users ability to use selected resources. A good example for this case can be a company that wants to give employees ability to run backup and restore that every employee can log in to Bacularis and see only his/her backups. All of them are able to run backup only own computer and perform restore to locations on the own computer only.

To limit access to Bacula resources Bacularis uses the Bacula Console ACL function. To setup this access, you need to create the Console resource in which you can define what jobs should be available for this console. The same is for clients, pools, storages etc., you can define them in the Console.

Once you have the Console defined, you can assign it to the API basic users or to OAuth2 clients, depending if Bacularis Web to contact with API hosts uses the basic authentication or the the OAuth2 authorization. The default and the simplest one is basic authentication option.

../_images/bacularis_user_access_to_restricted_resources.png

Restricted Bacula resource access can be used together with limitted access to pages by roles. This way you can define to which Bacularis areas users should have access and what Bacula resources they can use.

Configuration

Below you can find steps needed to setup restricted Bacula resource access.

If you use the basic users in the API host:

  1. Create the Console ACL with defined selected Bacula resources,

  2. Assign the Console to the API basic user,

  3. Add new API host using the API basic user with assigned the Console.

  4. Assign the API host to Bacularis Web user.

If you use the OAuth2 authorization in the API host:

  1. Create the Console ACL with defined selected Bacula resources,

  2. Assign the Console to the OAuth2 client account,

  3. Add new API host using the OAuth2 client account with assigned the Console.

  4. Assign the API host to Bacularis Web user.

All the steps can be done on the Bacularis Web side without need to do anything directly on the API host.

Note

From Bacularis version 1.0.7 is available a new user wizard that significantly ease setting up users with roles, API hosts and Bacula resources. This wizard can be found on the Security page on the Users tab under New user button.