Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup and NetBackup Appliances Hardening Guide
  3. Steps to protect Flex Appliance
  4. Managing multiperson authorization
NetBackup and NetBackup Appliances Hardening Guide

Managing multiperson authorization

Multiperson authorization is a security mechanism designed to proactively protect data and systems from undesirable or malicious actions by a compromised insider acting alone. With multiperson authorization enabled, certain critical operations require approval from additional authorized users before execution. Even if a user has permission under role-based access control to perform an operation, the action will only proceed after additional authorized users review and approve it. This ensures accountability and reduces the risk of unauthorized changes.

The multiperson authorization policy defines who can review and approve an operation. Importantly, the multiperson authorization policy itself is protected by multiperson authorization, ensuring that policy changes also require quorum approval.

The multiperson authorization access control policy applies to the following operations:

  • Editing user roles

  • Removing users

  • Editing, disabling, or deleting policies

Note:

Custom policies in multiperson authorization are currently supported only for SED operations.

Flex Appliance operations that need multiperson authorization

The following operations require multiperson authorization:

  • Edit KMS operation

  • SED switch and rekey operation

Feedback

Was this page helpful?
Previous

Managing lockdown mode at the instance level

Next

Terminology

Feedback

Was this page helpful?