Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
Sign In Create an Account Premier Sign In Dell Financial Services Partner Program Sign In
Contact Us

Your Dell.com Carts

Some article numbers may have changed. If this isn't what you're looking for, try searching all articles. Search articles

NetWorker: How to create a local REST API only user

Summary: This KB shows you the necessary steps to create a local NetWorker user account that can use REST API but cannot log in to the NetWorker Management Console (NMC).

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Instructions

This KB shows you the necessary steps to create a local NetWorker user account that can use REST API but cannot log in to the NetWorker Management Console (NMC). This is not a requirement for using REST API.
 
  1. On the NetWorker server, open a root shell (Linux) or Administrator command-prompt (Windows):
  2. Create the REST API user account using the following command syntax:
authc_mgmt -u Administrator -p 'NETWORKER_ADMINISTRATOR_PASSWORD' -e add-user -D user-name="RESTAPI_USERNAME" -D user-password='USER_PASSWORD' -D user-enabled
Example: 
[root@nsr ~]# authc_mgmt -u Administrator -p '!Password1' -e add-user -D user-name="RESTAPI" -D user-password='!Password1' -D user-enabled
User RESTAPI is created successfully.
[root@nsr ~]#
  1. Grant the user permission on the NetWorker server.
For NetWorker Administrator rights, run the following command: 
nsraddadmin -e cn=RESTAPI_USERNAME,cn=users,cn=NSR_SERVERNAME,dc=DOMAIN_VALUE1,dc=DOMAIN_VALUE2
Example: 
[root@nsr ~]# nsraddadmin -e cn=RESTAPI,cn=users,cn=nsr,dc=amer,dc=lan
134751:nsraddadmin: Added role 'cn=RESTAPI,cn=users,cn=nsr,dc=amer,dc=lan' to the 'Security Administrators' user group.
134751:nsraddadmin: Added role 'cn=RESTAPI,cn=users,cn=nsr,dc=amer,dc=lan' to the 'Application Administrators' user group.


If you do not want the user to have Administrator rights, you can add the user to the users field of one of the NSR roles. This can be done from the NetWorker Management Console (NMC), NetWorker Web User Interface (NWUI) or from the nsradmin command prompt:

Syntax: user=USERNAME,host=NSR_SERVERNAME

Example of adding the REST API user to the Operators usergroup on a NetWorker server:

[root@nsr ~]# nsradmin
NetWorker administration program.
Use the "help" command for help, "visual" for full-screen mode.
nsradmin> show name;comment
nsradmin> p type: nsr usergroup
                        name: Users;
                     comment: \
Members of this group can back up to and recover from NetWorker.;

                        name: Database Administrators;
                     comment: \
Members of this group are typically database administrators that can partially administer NetWorker.;

                        name: Database Operators;
                     comment: \
Members of this group are typically database operators that can operate NetWorker.;

                        name: Auditors;
                     comment: \
Members of this group can audit the NetWorker security logs.;

                        name: Operators;
                     comment: Members of this group can operate NetWorker.;

                        name: Application Administrators;
                     comment: \
Members of this group can perform the application administration of NetWorker.;

                        name: Security Administrators;
                     comment: \
Members of this group can administer the security settings of NetWorker.;

                        name: Monitors;
                     comment: \
Members of this group can monitor the NetWorker application.;

                        name: Archive Users;
                     comment: Members of this group can archive local data;

                        name: VMware FLR Users;
                     comment: \
Members of this group can perform VMware file level recovery operations from NetWorker.;
nsradmin> show
Will show all attributes
nsradmin> . type: nsr usergroup; name: operators
Current query set
nsradmin> update users: user=RESTAPI,host=nsr.amer.lan
                       users: user=RESTAPI, host=nsr.amer.lan;
Update? y
updated resource id 125.0.90.20.0.0.0.0.196.80.99.102.192.168.9.150(4)
nsradmin> show
Will show all attributes
nsradmin> print
                        type: NSR usergroup;
                        name: Operators;
                     comment: Members of this group can operate NetWorker.;
              external roles: ;
                       users: user=RESTAPI, host=nsr.amer.lan;
                  privileges: Remote Access All Clients,
                              View Application Settings, Operate NetWorker,
                              Monitor NetWorker,
                              Operate Devices and Jukeboxes,
                              Recover Local Data, Recover Remote Data,
                              Backup Local Data, Backup Remote Data,
                              Archive Data;
nsradmin> q
[root@nsr ~]#
4. Ensure that authc trust has been established with the local authc instance: 
nsrauthtrust -H NSR_SERVERNAME -P 9090
nsraddadmin -H NSR_SERVERNAME -P 9090

5. REST API can be tested using the following:  
curl -ik GET -u RESTAPI_USERNAME:'USERPASSWORD' -H "Content-Type: application/json" https://NSR_SERVERNAM:9090/nwrestapi/v3/global/
Example: 
[root@nsr ~]# curl -ik GET  -u RESTAPI:'!Password1' -H "Content-Type: application/json" https://nsr.amer.lan:9090/nwrestapi/v3/global/
curl: (6) Could not resolve host: GET
HTTP/1.1 200
Content-Security-Policy: frame-ancestors 'none';script-src' 'self';object-src 'self'
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Date: Thu, 11 Jul 2024 18:22:58 GMT
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Expires: 0
Content-Type: application/json
Transfer-Encoding: chunked
Server: NSR SERVICES for Authentication

{"links":[{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/alerts","title":"List of alert messages"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/auditlogconfig","title":"Audit log configuration"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/auditlogconfigs","title":"Audit log configurations"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/backups","title":"List of backups"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/clients","title":"List of clients"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/cloudboostappliances","title":"List of cloudboost appliances"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/datadomainsystems","title":"List of data domain systems"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/dddevicereplication","title":"DD device replication"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/devices","title":"List of storage devices"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/directives","title":"List of backup directives"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/inspect","title":"Inspect remote/local server"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/jobgroups","title":"List of job groups"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/jobindications","title":"List of job indications"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/jobs","title":"List of jobs"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/jukeboxes","title":"List of jukeboxes"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/labels","title":"List of volume label templates"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/licenseconfig","title":"Server license configuration"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/licenses","title":"List of license templates"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/lockbox","title":"Lockbox resource"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/mediaconfig","title":"Server media configuration"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/mobilestorageunits","title":"Mobile storage units"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/nasdevices","title":"List of NAS devices"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/notifications","title":"List of notification settings"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/nsrcloneconfig","title":"NSR Clone Configuration"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/pools","title":"List of pools"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/probes","title":"List of probes"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/protectiongroups","title":"List of protection groups"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/protectionpolicies","title":"List of protection policies"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/recoverapps","title":"List of recovery applications"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/recovers","title":"List of recover resources"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/rules","title":"List of rules"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/schedules","title":"List of schedules"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/securityconfig","title":"Server security configuration"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/serverconfig","title":"Server configuration"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/servermessages","title":"List of server messages"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/serverstatistics","title":"Server statistics"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/sessions","title":"List of save/recover sessions"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/storagenodes","title":"List of storage nodes"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/tenants","title":"Restricted data zone protection"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/timepolicies","title":"List of Time Policies"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/unconfiguredlibraries","title":"List of unconfigured libraries"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/usergroups","title":"List of user groups"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/vmware","title":"View of VMware objects"},{"href":"https://nsr.amer.lan:9090/nwrestapi/v3/global/volumes","title":"List of volumes"}]}[root@nsr ~]#
 
NOTE: Some Windows systems have curl installed, and the command can also be run from the Windows command prompt. The REST URL can also be specified inside a web browser.

If you do not want the REST API user password to expire every 90 days (default), follow: NetWorker: How to disable password expiration for NetWorker accounts.

If there are multiple NetWorker servers in the environment, this process can be followed on each NetWorker server to ensure that the local REST API user is consistent across the datazone. If you are using a single (primary) authc server where the user account was created, you must add an additional header to the REST API functions. This instructs the REST API function to authenticate using the NetWorker authc server defined in the header. See: NetWorker REST API: How to use a remote AUTHC server when processing RESTAPI requests?

Additional Information

 

    Affected Products

    NetWorker

    Products

    NetWorker
    Article Properties
    Article Number: 000020534
    Article Type: How To
    Last Modified: 11 Jul 2024
    Version:  7
    Find answers to your questions from other Dell users
    Support Services
    Check if your device is covered by Support Services.