Set Access
The set access command gives users at other nodes access to your backup versions or archived copies.
You can also use the set access command to give users at other nodes access to your backup images.
You can give another user access to a specific file or image, multiple files or images, or all files in a directory. When you give access to another user, that user can restore or retrieve your objects. Specify in the command whether you are giving access to archives or backups.
For VMware virtual machines, you can give a user at another node access to the backups of a specific virtual machine.
For VMware vCloud vApps, you can give another user at another node access to backups of one or more VMware vApps. That user can then restore or retrieve a backed up vCloud vApp, including all of the virtual machines that comprise the vApp.
When a node is exported to another Tivoli® Storage Manager server, the access rules can change on the importing server. If an access rule is applied to all file spaces on the exporting server, the access rule on the importing server is restricted to only those file spaces that are imported. The file spaces are restricted in the access rule on the importing server for security reasons. Additionally, the access rules do not recognize the first occurrence of a wildcard character in the file specification when you restore or retrieve. This means that if you restore or retrieve with a wildcard character in the file specification, subdirectories are ignored.
When an existing file space is renamed during Unicode conversion, any access rules that are defined for the file space remain applicable to the original file space. However, new access rules must be defined to apply to the new Unicode file space.
Supported Clients
This command is valid for all clients.
Syntax
>>-SET Access--+- --Archive-+-----------------------------------> '- --Backup--' >--+- --filespec-------------------------------------------------------------------+--> +- --{--filespacename--}--filespec----------------------------------------------+ +-image-fs----------------------------------------------------------------------+ +-TYPE=VM-- --vmname------------------------------------------------------------+ +-TYPE=VAPP--"--ORG=--org_name--,--ORGVDC=--orgvdc_name--,--VAPP=--vapp_name--"-+ '- --ASNODEname=--provider_vdc_name---------------------------------------------' >-- --node--+---------+---------------------------------------->< '- --user-'
Parameters
- Archive
- Permits access to archived files or images.
- Backup
- Permits access to backup versions of files or images.
- filespec
- Specifies the path, file, image, or directory to which your are
giving access to another node or user. Use wildcard characters to
specify a group of files or images, or all files in a directory; all
objects in a directory branch; or all objects in a file system. Use
a single asterisk "*" for the file spec to give access to all files
or images owned by you and backed up on the server. When the command set access backup "*" node is entered, no check is made
with the server; it is assumed you have at least one object backed
up.
If you give access to a branch of the current working directory, you only need to specify the branch. If you give access to objects that are not in a branch of the current working directory, you must specify the complete path. The file spec to which you gave access must have at least one backup version or archive copy object (file or directory) on the server.
To specify all files in a named directory, enter /home/mine/proj1/* on the command line.
To give access to all objects below a certain level, use an asterisk, directory delimiter, and an asterisk at the end of your file spec. For example, to give access to all objects below home/test, use file spec home/test/*/*.
Important: Use of the form /*/* alone will not give access to objects in the named directory; only those in directories below the named directory are accessible.The rules are essentially the same when considering the root directory. Enter /* on one set access command and /*/* on another if you want another user to have access to all files and directories in and below the root directory. The first /* gives access to all directories and all files in the root directory. The second /* allows access to all directories and files below the root directory.
For example:
- Your directory structure is multilevel: /home/sub1/subsub1.
- The /home directory contains the h1.txt and h2.txt files.
- The /home/sub1 directory contains file s1.htm.
- The /home/sub1/sub2 directory contains the ss1.cpp file.
To allow access to all files in the /home/sub1/sub2 directory, enter:set access backup /home/sub1/sub2/* * *
To allow access to only those files in the /home directory, enter:set access backup /home/* * *
To allow access to all files in all directories in and below the /home directory, enter:set access backup /home/* * * set access backup /home/*/* * *
- filespec
- Specifies the path, file, image, or directory to which your are
giving access to another node or user. Use wildcard characters to
specify a group of files or images, or all files in a directory; all
objects in a directory branch; or all objects in a drive. However,
you cannot use a wildcard to specify all drives. Use a single asterisk
"*" for the file spec to give access to all files or images owned
by you and backed up on the server. When the command set access
backup "*" node is entered, no check is made with the server;
it is assumed you have at least one object backed up.
If you give access to a branch of the current working directory, you only need to specify the branch. If you give access to objects that are not in a branch of the current working directory, you must specify the complete path. The file spec to which you gave access must have at least one backup version or archive copy object (file or directory) on the server.
To specify all files in a named directory, enter d:\test\mine\proj1\* on the command line.
To give access to all objects below a certain level, use an asterisk, directory delimiter, and an asterisk at the end of your file spec. For example, to give access to all objects below d:\test use file spec d:\test\*\*.
Important: Use of the form \*\* alone will not give access to objects in the named directory; only those in directories below the named directory are accessible.The rules are essentially the same when considering the root directory. Enter \* on one set access command and \*\* on another if you want another user to have access to all files and directories in and below the root directory. The first \* gives access to all directories and all files in the root directory. The second \* allows access to all directories and files below the root directory.
Note:- Use the file space name if the drive label name has changed.
- If you include filespacename, do not include a drive letter in the file specification.
For example:
- Your directory structure is multilevel: d:\test\sub1\subsub1.
- The d:\test directory contains the h1.txt and h2.txt files.
- The d:\test\sub1 directory contains file s1.htm.
- The d:\test\sub1\sub2 directory contains the ss1.cpp file.
To allow access to all files in the d:\test\sub1\sub2 directory, enter:set access backup d:\test\sub1\sub2\* * *
To allow access to only those files in the d:\test directory, enter:set access backup d:\test\* * *
To allow access to all files in all directories in and below the d:\test directory, enter:set access backup d:\test\* * * set access backup d:\test\*\* * *
- {filespacename}
- Specifies the file space name (enclosed in braces) on the server that contains the files to which you are giving access. This name is the drive label name on the workstation drive from which the file was backed up or archived. Use the file space name if the drive label name has changed.
- image-fs
- The name of the image file system to be shared. This can be specified as an asterisk (*) to allow access to all images owned by the user granting access.
- -TYPE=VM vmname
- This parameter is required if you are using this command to provide another user with access to VMware virtual machine backups. The vmname option can be specified only if -TYPE=VM is specified; vmname is the name of the VMware virtual machine that you are permitting access to.
- -TYPE=VAPP
- This parameter is required if you are using this command to provide another user with access to vCloud Director vApps that were backed up by the backup vapp command.
- To allow access to backed-up vApps, the command syntax depends
on the client operating system:
set access backup -TYPE=VAPP "ORG=orgname,ORGVDC=orgvdcname,
VAPP=vappname" node user -ASNODEname=providerVdcNodeset access backup -TYPE=VAPP "ORG=orgname,ORGVDC=orgvdcname,
VAPP=vappname" node -ASNODEname=providerVdcNodeThe ORG= and ORGVDC= values specify the organization and organization virtual datacenter to which a vApp belongs.
The VAPP= value can specify an individual vApp name or you can specify an asterisk (*) character, or you can omit the name; either notation permits access by the node to all vApps in the specified organization and organization virtual datacenter. The specified node has access to all of the virtual machines that comprise the vApp.
The -ASNODEname= parameter specifies the node that is associated with the vCloud provider that the organization virtual datacenter belongs to.
- node
- Specifies the client node of the user to whom you are giving access. Use wildcards to give access to more than one node with similar node names. Use an asterisk (*) to give access to all nodes.
- user
- This is an optional parameter that restricts access to the named user at the specified node. To allow any authorized user to access your backed up or archived data, specify root as the user.
Examples
- Task
- Give the user named JONES on the node named NODE1 access to all
of the backed up vApps from the organization named XYZ and the provider
virtual datacenter named VDC2. The provider virtual datacenter is
mapped to a node called ABC.
set access backup -TYPE=VAPP "ORG=XYZ,ORGVDC=VDC2,VAPP=*"
NODE1 JONES -ASNODE=ABC - Task
- Give the node named NODE1 access to all of the backed up vApps
from the organization named XYZ and the provider virtual datacenter
named VDC2. The provider virtual datacenter is mapped to a node called
ABC.
set access backup -TYPE=VAPP "ORG=XYZ,ORGVDC=VDC2,VAPP=*"
NODE1 -ASNODE=ABC - Task
- Give the user at node_2 authority to restore all files with an
extension of .c from the c:\devel\proja directory.
set access backup c:\devel\proja\*.c node_2
- Task
- Give the user at node_2 authority to restore
the budget file from the /home/user directory.
set access backup /home/user/budget node_2
- Task
- Give node_3 the authority to retrieve all files
in the /home/devel/proja directory.
set ac archive /home/devel/proja/ node_3
- Task
- Give the user at node_3 authority to retrieve
all files in the c:\devel directory, but do not permit
access to files in subdirectories of c:\devel, such
as c:\devel\proj.
set access archive c:\devel\* node_3
- Task
- Give all nodes whose names end with bldgb the
authority to restore all backup versions from directories with a file
space name of project.
set ac b "{project}/*" "*bldgb"
- Task
- Give all nodes whose names end with bldgb the
authority to restore all backup versions from all directories on the d: drive. The d: drive has the file space
name of project.
set ac b {project}\*\* *bldgb
- Task
- Give any authorized user on node1 authority to retrieve all files
in the /home/devel/projb directory.
set access archive /home/devel/projb/ node1 root
- Task
- Give user serena at node_5 authority to restore
all images of the file space mounted on directory /home/devel/proja.
set acc backup "home/devel/proja/*/*" node_5 serena
- Task
- Give the node named myOtherNode the authority
to restore files backed up by the VMware virtual machine named myTestVM.
set access backup -TYPE=VM myTestVM myOtherNode