ADSM-L

Re: ADSM and Security -- looks pretty easy to get files

2000-04-06 14:45:25
Subject: Re: ADSM and Security -- looks pretty easy to get files
From: "Cook, Dwight E" <cookde AT BP DOT COM>
Date: Thu, 6 Apr 2000 13:45:25 -0500
remember in a unix environment, only root may restore any file... if an
individual user fires up dsmc, they may only restore files they have read
privs on and if they don't have write privs they have to restore it
somewhere they do have write privs...

now as far as across clients... from root there are the tricks that allow you
to get another node's data as long as you know their adsm password; if not,
and/or if you're just an end user on the client machine, then there is the
"set access" stuff...

main thing I worry about is the destruction of data and to cure that I just
set things where the client can't delete their own backups or archives, and
make it where they can only push a single backup per day and in keeping 7
versions of backups someone would have to push zeroed out files for a week
to wipe backups out and I think someone would notice something funny within
a week.

Now all our environments are behind the big corp firewall so all I have to
"worry" about are internal problem people and that boils down to an "are they
paying their folks enough to keep them happy" if some DBA got mad they might
change the management class on their archives to only a 3 day keep and then
goober up something but that isn't my problem 'cause the clients wanted the
3 day archive management class and know of the possibilities...

yada yada yada

I'm pleased with the security... well it fits my needs would probably be a
more proper thing for me to say.

Dwight

> ----------
> From:         Cao, Chan[SMTP:ccao AT BROOKS DOT COM]
> Reply To:     ADSM: Dist Stor Manager
> Sent:         Thursday, April 06, 2000 1:27 PM
> To:   ADSM-L AT VM.MARIST DOT EDU
> Subject:      Re: ADSM and Security -- looks pretty easy to get files
>
> I looked but didn't see much discussion on this?
>
> Clients need to enter the correct password and there's
> a variable to lock out if incorrect passwords are entered
> so many times.
>
> What level of security would satisfy your need?
>
> I suppose it would be easy to lock down the ADSM server
> databases too.  No databases, no recovery.  And the log
> of all actions is there for you to see.
>
> Chan
>
> -----Original Message-----
> From: Debbie Cavallucci [mailto:debcav5 AT HOTMAIL DOT COM]
> Sent: Thursday, April 06, 2000 2:07 PM
> To: ADSM-L AT VM.MARIST DOT EDU
> Subject: Re: ADSM and Security -- looks pretty easy to get files
>
>
> Well, I guess that answers my question.  There is no real security with
> ADSM.  Earlier postings state that its security is "Kerberos-like" - that
> doesn't seem true either.  Doesn't this seem to bother any of you using the
> system and its tools?  Am I missing something?
>