User should only be able to perform very specific tasks

Question

Hey, I've taken a quick look at the Security Configuration Guide, but it's still not very clear how I would define a user with very specific permissions. Say I'd like to use the REST API to start a certain workflow and query its status. I wouldn't want that user to be able to do anything else and also not have access to NMC. How would I accomplish that? It's not really clear where you'd configure fine-grained RBAC. Searching the security configuration guide for 'role based' only yields one match 'The NetWorker Web UI uses the NetWorker role based access control configuration to define the access level available to the user.' Thanks.

Mikhail_Nikitin · Answer

If you are thinking to implement a limited functionality through the REST API you can build a web page that uses sufficient credentials for scripts at the back-end but authorize operators using AD credentials. This will add a layer of access control through your own scripts but it solves two problems: first - end users don't need to know or have access to NetWorker at all - they only know a web page with a few buttons, second - your access controls can be as granular as you want and can be modified anytime without need to go and change things in NetWorker.