Users with restore only permissions can delete jobs from catalog!

Plural

Hi Marcin,

I followed this example in the documentation:
https://bacularis.app/doc/users/access-examples.html#regular-user-example

I notice that the final configuration give the user permitions to:

DELETE jobs from the catalog
ReRun jobs
Cancel jobs

Is this intencional? To avoid this behavior I needed to configure a console ACL and remove the permissions for some commands, like the run, cancel and delete commands.

Best regards,
Rui

gani

Hi Rui,

Thanks for your notice.

In this chapter are examples that can be adapted in different ways as they are examples. You adapted this example to your needs and I think you did well. I mean that they are for show idea how to do it, not to provide ready solution because for various administrators the regular user will mean something a bit different (different privileges, access, permissions ...etc.).

In this example we assumed what this user should be able to do (without specifing what user should not do):

have access to backups belonging to theirs computers
should be able to log in to the web interface, and do restore only own files to theirs own computers

With current setting both points are possible to do. The interface is restricted and resources as well.

For using Console ACLs, I think that it is a good idea and we can add it to this example. This will extend this example for sure. We will add it soon. Thanks.

Best regards,
Marcin Haba (gani)

Plural

Hi Marcin,

gani For using Console ACLs, I think that it is a good idea and we can add it to this example. This will extend this example for sure.

I think that can prevent some "disasters" from happen 😄.
But in general, administrators must be aware of that and test they own implementations for each use case.

Best regards,
Rui

gani

Hi Rui,

We have updated the documentation. In the regular user example we added Step 6.

Thanks!

Best regards,
Marcin Haba (gani)

Plural

gani
Hi Marcin,

Thank you for that.

Best regards,
Rui