Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup and NetBackup Appliances Hardening Guide
  3. Steps to protect Flex Appliance
  4. Managing multiperson authorization
  5. Configuring multiperson authorization
NetBackup and NetBackup Appliances Hardening Guide

Configuring multiperson authorization

You can navigate to the Multiperson authorization in any of the following ways:

  • Navigate to Settings > Security and compliance > Multiperson authorization.

  • On the Home page, select Security meter. In the Security recommendations pop-up, select Multiperson authorization.

The following table lists the operations that can be performed on an access control policy.

Table:

Operations

Procedure

Enable access control policy

Enabling access control policy

Edit access control policy

Editing an access control policy

Disable access control policy

Disabling access control policy

Create multiperson authorization policy

Note:

This can be done only on an SED appliance.

Creating multiperson authorization policy

Delete custom policy

Note:

This can be done only on an SED appliance.

Deleting custom policy

View multiperson authorization requests

Viewing multiperson authorization requests

Manage multiperson authorization requests

Managing multiperson authorization requests

Enabling access control policy

To enable access control policy

  1. Navigate to Multiperson authorization.
  2. Click Enable.
  3. Confirm the change.

A request is created. Once it is approved, the access control policy is enabled.

You can edit and disable access control policies.

Editing an access control policy

To edit an access control policy

  1. Navigate to Multiperson authorization.
  2. Click Edit.
  3. You can update any of the following fields:
    • Email addresses: Specify a comma-separated list of email addresses for notifications.

    • Expire pending requests after: Set the period (in hours) after which any pending requests will expire.

    • Delete resolved requests after: Specify the period (in days) after which resolved requests will be deleted.

  4. Click Save.

A request is created. Once it is approved, the access control policy is updated with the changes.

Disabling access control policy

To disable access control policy

  1. Navigate to Multiperson authorization.
  2. Click Disable.
  3. Provide a reason in the pop-up and click Disable.

A request is created. Once it is approved, the access control policy is disabled.

Viewing multiperson authorization requests

The Multiperson Authorization widget appears on the Homepage when there are one or more pending authorization requests that require user attention. The widget provides a quick snapshot of requests you have submitted as well as requests awaiting your review.

Note:

The counts displayed in the View Requests section on the dashboard and in My Actions reflect only active requests. They exclude requests in Done, Rejected, Expired, or Canceled states.

Viewing multiperson authorization requests

  1. On the Home page, select View requests in the Multiperson authorization widget.
  2. The Request management page lists all your requests for operations that require multiperson authorization. You can apply filters to view requests that you have submitted, requests sent to you for approval, and to narrow results by time frame or request status.
  3. Select the request ID to see the request details. The Audit trail tab gives more details on the status of your request.
  4. Select the Preview request details tab to see the changes that have been made as part of the request.

    The requester can cancel his request by selecting Cancel request.

Users with the approver role can approve or reject the multiperson authorization requests.

Managing multiperson authorization requests

To manage multiperson authorization requests

  1. On the Home page, select My actions in the Multiperson authorization widget.

    You can also click on the User icon on the top right corner. In the pop-up, select the View authorization request option.

  2. The Request management page lists all the requests for operations that require multiperson authorization. You can apply filters to view requests that you have submitted, requests sent to you for approval, and to narrow results by time frame or request status.
  3. Select the request ID to see the request details. The Audit trail tab gives more details on the request. The Preview request details tab to see the changes that have been made as part of the request.
  4. Select Approve if you want to approve the request. In the Approve request pop-up, provide the reason for approving the request. Click Approve to complete the approval.

    Select Reject if you want to reject the request. In the Reject request pop-up, provide the reason for rejecting the request. Click Reject to complete the rejection.

    The reason field can contain 8 - 256 characters and may include only alphanumeric characters, spaces, periods, commas, underscores, and dashes.

  5. The Request details page gets updated with the details.
Creating multiperson authorization policy

You can create a multiperson authorization policy only on an SED appliance.

To create a multiperson authorization policy

  1. Navigate to Multiperson authorization.
  2. In the Custom policies panel, click Create.
  3. In the Create multiperson authorization policy window, enter the following details:
    • Policy name: Specify the policy name.

    • Expire pending requests after: Set the period (in hours) after which any pending requests will expire.

    • Email addresses: Specify a comma-separated list of email addresses for notifications.

    • Exempted accounts: Specify accounts that are exempted from multiperson authorization (if any).

    • Delete resolved requests after: Specify the period (in days) after which resolved requests will be deleted.

    • Approvers: Specify the approvers.

    • Number of approvals: Specify the number of approvals required.

    • Under Operations, select the operations that require multiperson authorization.

    • Under Behavior after approval, choose any option:

      • Automatically: The requested operation will be completed automatically after approval.

      • Manually: The requested operation will have to be completed manually after approval. Navigate to the Request management page. Select the request and click Complete operation.

  4. Click Create.
  5. In the confirmation pop-up, review the information and click Create.
  6. Click Save.

After the quorum is reached, the request is scheduled by the Flex Appliance and marked as Done after execution.

The new policy details appears on the Multiperson authorization page.

You can also edit an existing multiperson authorization policy. Click the policy name to open the Edit window. Make the required changes and save the changes.

Deleting custom policy

You can delete a custom policy only on an SED appliance.

To delete a custom policy

  1. Navigate to Settings > Security and compliance > Multiperson authorization.
  2. The Multiperson authorization page lists all the custom policies.
  3. You can delete the custom policy by clicking Delete on the right side of the row.
  4. Provide confirmation in the pop-up.

A request is created. Once it is approved, the access control policy is deleted.

Feedback

Was this page helpful?
Previous

Considerations for configuring multiperson authorization

Next

Using network access control

Feedback

Was this page helpful?