Introduction


This topic helps you understand the PX-Backup Security, how it is useful to your enterprise, and how you can access it to define roles and assign roles to users.

Introduction

PX-Backup Security is a built-in feature in PX-Backup. PX-Backup Security allows you to control user access to certain resources by setting governance policies and managing permissions for the application owners on the platform. PX-Backup Security is a role-based access control (RBAC) system that enables authorization for users or user groups through an existing OIDC authentication service such as Keycloak and Okta.

PX-Backup allows mapping users or user groups to specific roles. These roles control actions and permissions that a user is allowed to perform. Administrators set the scope of access and allow users to share resources.

PX-Backup Security allows administrators and application owners manage access to the following resources:

  • Cloud Accounts
  • Backup Locations
  • Schedule policies
  • Rules
  • Roles

Kubernetes administrators and application owners use PX-Backup Security to configure backups and restores, by providing a granular level of authorization to PX-Backup resources. PX-Backup security supports different levels of authorization across multiple PX-Backup deployments while retaining the same user management and authentication.

PX-Backup is managed using PX-Central which provides OIDC integration. PX-Backup Security for clusters is controlled by Kubernetes access control. Administrators can add their clusters in PX-Backup with the credentials or Kubeconfig assigned to them. PX-Backup inherits the permissions from Kubernetes and displays the resources that a user contains permission to access.

PX-Backup built-in roles

The PX-Backup built-in roles match user personas managing the Kubernetes infrastructure and applications:

  • Infrastructure administrator (px-backup.infra.admin): The infrastructure owner with administrator privileges for PX-Backup resources such as cloud accounts, backup locations, schedules, and rules. Infrastructure administrators create custom rules, in addition to the built-in rules in PX-Backup. Infrastructure owners or any user can create a shared resource pool to share backup locations, schedules, and backup rules with other users.

  • Application administrator (px-backup.app.admin): Application administrators can manage applications they own. Application administrators contain privileges for schedules and rules, and can use existing cloud accounts.

  • Application user (px-backup.app.user): The application users who can backup and restore applications, but cannot create a schedule policy or rules.

NOTE:

  • PX-Backup does not allow editing the built-in roles, but you can duplicate them.

  • If an Infrastructure administrator removes certain role permissions from a user, then the user is automatically assigned with the updated permissions. Thereafter, PX-Backup restricts any actions (for example, deleting) on the objects created by the user using the old permissions.

Access PX-Backup Security

Perform the following steps to access PX-Backup Security:

  1. Log in to PX-Backup using the infrastructure administrator credentials.

  2. Select the PX-Backup Security option from the profile menu in the lower left corner of the PX-Backup page.

Access PX-Backup Security

The PX-Backup Security includes:

  • Role Mapping: Displays all existing OIDC users (when you integrate PX-Backup with an external OIDC), and new users added by the infrastructure administrator using PX-Backup Keycloak.
  • Roles: Displays the three built-in roles, by default, and new roles added by the infrastructure administrator.

Last edited: Monday, Oct 3, 2022