Granting User Permissions on Microsoft Windows Machines

By default, the Veeam Plug-in configuration file (veeam_config.xml) is located in the %PROGRAMFILES%\Veeam\VeeamPluginforOracleRMAN folder on the machine where Veeam Plug-in is installed. On Microsoft Windows machines, you can set up access to the plug-in configuration file using graphic user interface or Windows PowerShell.

Granting Permissions to the Plug-In Configuration File in Graphic User Interface

Create a new user group:

Launch Computer Management and expand the Tools > Local User and Groups node.
Right-click the Groups node and select New Group.
Specify group properties and save the group.

Add users to the group.
In the configuration file properties, remove all permissions for other user groups.

Note

Some permissions can be inherited. To be able to remove such permissions, on the Security tab of the file Properties window, select Advanced, then click Disable Inheritance.

Limit the permissions for the configuration file to allow the Read and Write access only to the members of the group.

Granting Permissions to the Plug-In Configuration File Using Windows PowerShell

Create a new user group by running the following command:

net localgroup "<groupName>" /comment:"<description>" /add

where:

<groupName> — the name of the created group.
<description> — the description of the group.

Add a user to the group with the following command:

net localgroup "<groupName>" "<userName>" /add

where:

<groupName> — the name of the created group.

<userName> — the name of the account that will be granted access to the configuration file.

Create a new access control list (ACL) with Read and Write permissions using this set of commands:

$newACL = New-Object System.Security.AccessControl.FileSecurity #creates a dedicated ACL

$newACL.SetAccessRuleProtection($true,$false) #disables inheritance and deletes all inherited permissions

$newACL.AddAccessRule( (New-Object System.Security.AccessControl.FileSystemAccessRule("groupName","Read","Allow"))) # allows read

$newACL.AddAccessRule( (New-Object System.Security.AccessControl.FileSystemAccessRule("groupName","Write","Allow")))# allows write

where:

newACL — the name of the new access control list. You can give any name to this temporary variable.
<groupName> — the name of the created group.

Assign ownership of the new ACL to the previously created user group by running the following command:

$newACL.SetOwner([System.Security.Principal.NTAccount]"groupName") #sets owner for the ACL

where:

newACL — the name of the new access control list.
<groupName> — the name of the created group.

Apply the ACL to the plug-in configuration file using this command:

set-acl -Path:<configFilePath> -AclObject:$newACL #apply ACL to the plug-in configuration file

where:

<configFilePAth> — the path to the plug-in configuration file. The default path is %PROGRAMFILES%\Veeam\VeeamPluginforOracleRMAN\veeam_config.xml.
newACL — the name of the new access control list.