Hi guys,
For Veeam Enterprise Manager installed on the same server as Veeam Backup and Replication, a local admin on the veeam server shouldn't necessarily have access to change his portal permissions from operator to administrator.
This is a security risk as a system admin may not be the necessarily be the backup admin.
Any quick fix for the above?
Cheers.
			
			
									
						
										
						- 
				VeaamGuy
- Influencer
- Posts: 21
- Liked: never
- Joined: Oct 19, 2015 4:11 am
- Full Name: Rushad Irani
- Contact:
- 
				veremin
- Product Manager
- Posts: 20736
- Liked: 2403 times
- Joined: Oct 26, 2012 3:28 pm
- Full Name: Vladimir Eremin
- Contact:
Re: [ID# 01232862] User can change his access without permis
But isn't local admin capable of basically everything on that system that has both VB&R and EM installed? Logging to backup console, deleting backup files, restoring necessary data, etc. (way more than a backup admin can do). Thanks.
			
			
									
						
										
						- 
				VeaamGuy
- Influencer
- Posts: 21
- Liked: never
- Joined: Oct 19, 2015 4:11 am
- Full Name: Rushad Irani
- Contact:
Re: [ID# 01232862] User can change his access without permis
Bringing an OS level access into the backup application is a bit risky. 
Lets look at the bigger picture, in a 5000+ organisation, a person with an admin role on the OS side of Veeam might not be privileged to private information stored on some VMs so even though he might have access to delete the backup that is still better than giving him the loop hole to restore the encrypted backup files somewhere to get access to that privileged information.
Kind Regards,
Rushad.
			
			
									
						
										
						Lets look at the bigger picture, in a 5000+ organisation, a person with an admin role on the OS side of Veeam might not be privileged to private information stored on some VMs so even though he might have access to delete the backup that is still better than giving him the loop hole to restore the encrypted backup files somewhere to get access to that privileged information.
Kind Regards,
Rushad.
- 
				VeaamGuy
- Influencer
- Posts: 21
- Liked: never
- Joined: Oct 19, 2015 4:11 am
- Full Name: Rushad Irani
- Contact:
Re: [ID# 01232862] User can change his access without permis
Hi guys,v.Eremin wrote:But isn't local admin capable of basically everything on that system that has both VB&R and EM installed? Logging to backup console, deleting backup files, restoring necessary data, etc. (way more than a backup admin can do). Thanks.
As mentioned above as well, the administrator might not be privilege to some specific VMs for example an HR system which only HR staff should have access to. I have also raised this in another post that the restores should ask for password confirmations which the system doesn't do as of now: vmware-vsphere-f24/improving-security-o ... 31847.html
I hope this is taken into consideration as this can have serious impact for the security of the backups.
Who is online
Users browsing this forum: bulletlynn, michele.berardo and 22 guests