IBM Spectrum Protect client authentication

When using the graphical user interface or command line interface of the IBM Spectrum® Protect client, you can log on using a node name and password or administrative user ID and password.

The client prompts for your user ID and compares it to the configured node name. If they match, the client attempts to authenticate the user ID as a node name. If the authentication fails or if the user ID does not match the configured node name, the client attempts to authenticate the user ID as an administrative user ID.

To use an administrative user ID with any of the backup-archive clients, the user ID must have one of the following authorities:
System privilege
Authority over the entire system. An administrator with system privilege can perform any administrative task.
Policy privilege
Authority over the node policy domain. Allows an administrator to manage policy objects, register client nodes, and schedule client operations for client nodes.
Client owner
Authority over the registered IBM Spectrum Protect client node. You can access the client through the web client or backup-archive client. You own the data and have a right to physically gain access to the data remotely. You can back up and restore files on the same or different system, and you can delete file spaces or archive data.
Client access
To use the web client to back up and restore files on a remote client system, you must have an administrative user ID with client access authority over the node name for the remote client system. If you do not want IBM Spectrum Protect administrators with client access authority over your node name to be able to back up and restore files on your system, specify the revokeremoteaccess option in your client options file.

Client access authority only allows IBM Spectrum Protect administrators to back up and restore files on remote systems. They do not have physical access to the data. That is, they cannot restore the data belonging to the remote system to their own systems. To restore data belonging to a remote system to your own system, you must possess at least client owner authority.

To determine what authority you have, you can use either of the following methods:

  • From the main IBM Spectrum Protect GUI window, select FileConnection Information.
  • Use the IBM Spectrum Protect server QUERY ADMIN command from the administrative command-line client.