There is no explicit way to restrict user's from ADSM's backup services but
allow them to use the restore facilities.  There is a way it can be done,
however.

In the dsm.sys file, enter two stanzas:


SErvername   BACKUP
  TCPPort        <port#>
  TCPServer      <ip address>
  USERS          ROOT

SErvername   RESTORE
  TCPPort        <port#>
  TCPServer      <ip address>
  INCLEXCL       /usr/lpp/adsm/bin/excllist

where /usr/lpp/adsm/bin/excllist is a file with one entry:
  exclude /.../*


This works as follows:  The ROOT user uses -SErvername=BACKUP to backup
the entire workstation.  No other user is allowed to use this stanza because
of the 'USERS ROOT' statement.  Normal users only have access to the RESTORE
stanza.  This stanza has an include/exclude list which excludes all files
from backup.  Include/exclude processing does not affect restore processing.
Therefore, the non-root user has full access to ADSM restore facilities.

A couple of drawbacks, however:
1) include/exclude processing does not exclude directories. A non-root user
   still has the ability to backup directory entries if there is no entry
   stored on the ADSM server.
2) for the same reason, the non-root user can still invoke a backup. The
   session will still process all of the files and appear to be doing something
   .... but in reality only backing up new directory/subdirectory entries.

Is this functionality (ie excluding users from doing backups) something that
the user community needs????  If there is any feedback, I would be happy to
open a requirement.


Jim Smith
ADSM level-2 support
San Jose