ADSM-L

configuration management security question

2004-08-30 03:06:20
Subject: configuration management security question
From: Steve Harris <Steve_Harris AT HEALTH.QLD.GOV DOT AU>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Mon, 30 Aug 2004 17:06:48 +1000
Hi all,

I'm designing a managed configuration of TSM servers.  Our management structure 
here is a central TSM with level2/3 support functions, and some district 
offices that will have their own TSM servers, plus some remote TSM servers in 
their remote locations.

central ->[many districts]->[many satellites]

I'd like to manage as much of this centrally as possible.

Now I intend to set up administrator profiles on the configuration manager, and 
all TSM Servers in a given district will subscribe to that district's profile,
so any admin in a district will be able to administer any server in that 
district, and only that district. This means that they have to log into the 
config manager to update their passwords.

Now for operational reasons, these guys will need unrestricted policy privilege 
to do their work.  They won't be able to change any of the policies that are 
subscribed from the config manager on their local TSM, but what is to stop them 
from logging on to the config manager directly and changing policies there?

I could stop them from logging on to the config manager by locking the ids 
there, since lock status is not distributed, but, then they can't log in to 
change their passwords.


Have I missed something? How do others handle this?

Regards

Steve Harris
AIX and TSM Admin
Queensland Health,
Brisbane Australia







