Access to functions

Scopes

The function access in Baculum is a term associated with OAuth2 clients. Functions are defined as the OAuth2 scopes and they refer to the general Baculum API functionalies like:

  • jobs

  • directors

  • clients

  • storages

  • devices

  • volumes

  • pools

  • bvfs

  • joblog

  • filesets

  • schedules

  • config

  • actions

  • oauth2

  • basic

  • consoles

Setting selected scopes in the OAuth2 client account defines to which Baculum API functions the Baculum Web will have access. For example, if OAuth2 client has configured scopes: jobs and clients, this OAuth2 client will be able to get job list, run backup job, do restore, but it will not be able to get volume list or get storage status.

More detailed, the functions are connected with API endpoints in the way that /job/ endpoint refers to job scope, /volume/ endpoint refers to volume scope.

What scopes to set

To work with Baculum Web typically for administrators it is good to set all scopes. For an user with limitted access usually you can assign most of scopes except admin specific scopes like: config, actions, oauth2 and basic.