Granting User Permissions on Microsoft Windows Machines
By default, the Veeam Plug-in configuration file (veeam_config.xml) is located in the %PROGRAMFILES%\Veeam\VeeamPluginforOracleRMAN folder on the machine where Veeam Plug-in is installed. On Microsoft Windows machines, you can set up access to the plug-in configuration file using graphic user interface or Windows PowerShell.
Granting Permissions to the Plug-In Configuration File in Graphic User Interface
- Create a new user group:
- Launch Computer Management and expand the Tools > Local User and Groups node.
- Right-click the Groups node and select New Group.
- Specify group properties and save the group.
- Add users to the group.
- In the configuration file properties, remove all permissions for other user groups.
Note |
Some permissions can be inherited. To be able to remove such permissions, on the Security tab of the file Properties window, select Advanced, then click Disable Inheritance. |
- Limit the permissions for the configuration file to allow the Read and Write access only to the members of the group.
Granting Permissions to the Plug-In Configuration File Using Windows PowerShell
- Create a new user group by running the following command:
net localgroup "<groupName>" /comment:"<description>" /add |
where:
- <groupName> — the name of the created group.
- <description> — the description of the group.
- Add a user to the group with the following command:
net localgroup "<groupName>" "<userName>" /add |
where:
- <groupName> — the name of the created group.
- <userName> — the name of the account that will be granted access to the configuration file.
- Create a new access control list (ACL) with Read and Write permissions using this set of commands:
$newACL = New-Object System.Security.AccessControl.FileSecurity #creates a dedicated ACL $newACL.SetAccessRuleProtection($true,$false) #disables inheritance and deletes all inherited permissions $newACL.AddAccessRule( (New-Object System.Security.AccessControl.FileSystemAccessRule("groupName","Read","Allow"))) # allows read $newACL.AddAccessRule( (New-Object System.Security.AccessControl.FileSystemAccessRule("groupName","Write","Allow")))# allows write |
where:
- newACL — the name of the new access control list. You can give any name to this temporary variable.
- <groupName> — the name of the created group.
- Assign ownership of the new ACL to the previously created user group by running the following command:
$newACL.SetOwner([System.Security.Principal.NTAccount]"groupName") #sets owner for the ACL |
where:
- newACL — the name of the new access control list.
- <groupName> — the name of the created group.
- Apply the ACL to the plug-in configuration file using this command:
set-acl -Path:<configFilePath> -AclObject:$newACL #apply ACL to the plug-in configuration file |
where:
- <configFilePAth> — the path to the plug-in configuration file. The default path is %PROGRAMFILES%\Veeam\VeeamPluginforOracleRMAN\veeam_config.xml.
- newACL — the name of the new access control list.