Last modified August 26, 2025

Console Access

The Console Access feature enables JetBackup Storage users to control who can sign in to JBSC.

Overview - The Two Types of Access

When you create an IAM user (sub-user) in JetBackup Storage Console (JBSC), you can grant them two distinct types of access:

  1. Programmatic access: This gives the user an access key ID and a secret key. These keys are used by machines, applications, or scripts (like a backup tool) to authenticate and interact with JetBackup Storage via the API. This is enabled for all users.

  2. JetBackup Storage Console access: This gives the user a Login Profile, which is a username and password that allows them to sign in to JBSC. This is for human-driven tasks and can be disabled. The “Console Access“ controls the provisioning of Login Profiles for IAM Users. This means that having access to login to JBSC is optional.

Controlling the login access to JBSC enables even more granular access management to have the least privilege permissions to do their duties. Users without console access permission can still programmatically access JetBackup Storage using the access key and secret key, which can be managed by the root user.

How It Works

When creating a user, you can choose to enable/disable console access. The console access is enabled by default, but you can change the console access status during or after user creation.

The user password is optional. The password is only used to login to JBSC. Hence, you do not need to set a password if the console access is disabled.

Best Practice and Tips

A foundational concept in cybersecurity is the Principle of Least Privilege. This principle dictates that any user or application should only be granted the bare minimum permissions required to perform its specific function.

This rule should extend to all types of permissions, including JBSC access. For users or services that only need programmatic access for automated tasks, their console access should be disabled. The login capability should only be enabled when absolutely necessary for a user’s designated role, as doing so significantly reduces the system’s attack surface and minimizes security risks.