It's actually a bit worse than that - an admin can read the data even
without a password reset using proxy nodes. Short of some entries in the
activity log, there wouldn't be any evidence of this.

--
-- Skylar Thompson (skylar2 AT u.washington DOT edu)
-- Genome Sciences Department, System Administrator
-- Foege Building S046, (206)-685-7354
-- University of Washington School of Medicine

On 10/25/11 01:22 PM, Hart, Charles A wrote:

Nothing, it's a policy challenge if they has TSM Sys Admin rights.  Kind
of like a Cop that sells evidence or takes a bribe, a priest that
protects the young ... at some point you have to trust your admin or
fire them.  In my exp a node pw can be overridden with a Sys admin user
and pw.

Maybe I over simplified the situation.



-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of
Keith Arbogast
Sent: Tuesday, October 25, 2011 3:07 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: [ADSM-L] Can a TSM server admin purloin client backups?

This question came up again here. If a TSM admin with system
authorization knows the client password for a certain TSM node, what
keeps him from restoring files from that node to another server of his
choosing?

Sorry to resuscitate this old horse.

With many thanks,
Keith

This e-mail, including attachments, may include confidential and/or
proprietary information, and may be used only by the person or entity
to which it is addressed. If the reader of this e-mail is not the intended
recipient or his or her authorized agent, the reader is hereby notified
that any dissemination, distribution or copying of this e-mail is
prohibited. If you have received this e-mail in error, please notify the
sender by replying to this message and delete this e-mail immediately.