Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup and NetBackup Appliances Hardening Guide
  3. Steps to protect Flex Appliance
  4. Managing multiperson authorization
  5. Considerations for configuring multiperson authorization
NetBackup and NetBackup Appliances Hardening Guide

Considerations for configuring multiperson authorization

Prerequisites:

  • At least three security administrators are required to enable multiperson authorization.

Note that:

  • Security administrators can enable, disable, and edit access control policies.

  • Service accounts cannot approve pending requests.

  • Policy creator cannot exempt themselves during creation.

  • Notifications are sent to specified email recipients for approval requests.

  • The number of approvals required can range from 2 to 10.

  • Pending requests can be cancelled by the requester.

  • Security administrators can deny any pending requests.

  • Security observers can view all policies and pending requests.

  • Other users can view requests they created or can approve.

  • Quorum is evaluated independently for each approver role. If a single user holds multiple approver roles defined in the policy, that user's approval counts toward the quorum for each role they hold.

The following considerations apply only to SED appliances:

  • A custom policy can be created only after the access control policy is enabled.

  • If a custom policy exists, the access control policy cannot be disabled.

  • When a custom policy is created, it must have at least one operation. It is possible to edit an existing custom policy and remove all the operations.

  • To enable multiperson authorization for an operation, it must be added to a new or existing custom policy.

  • Security administrators can create, edit, or delete custom policies. Users with custom roles can also perform these operations if they have the permission.

  • Creating a new custom policy does not require multiperson authorization approval; editing or deleting a custom policy requires quorum from other security administrators.

  • When an operation is removed from a custom policy, any pending requests for that operation are automatically rejected.

Feedback

Was this page helpful?
Previous

Multiperson authorization process workflow

Next

Configuring multiperson authorization

Feedback

Was this page helpful?