Re: [Networker] NMM 2.3 backup issue
2011-10-18 06:51:28
Mark,
I for one will welcome the additional granularity you are describing. I
think a lot of us out here get very frustrated that a frequent request
from the technicians when working an SR that seems to have anything to
do with authorization is to give *@* access. A much better option, in
my opinion, would be increased logging that could be enabled when needed
to determine authentication/authorization issues - and it would probably
reduce the number of SR's that were opened as well.
Frank
On Mon, 17 Oct 2011 at 6:45pm, Mark Wiertalla wrote:
Can someone from PM please explain that it is not an issue that NMM and
Oracle clients need to be admins on the datazone?
This is an admin challenge that we've tracked for some time.
1) I can validate that promoting an admin, like a DBA, from 'users'
to 'administrator' not only adds the desired permissions like 'configure'
and 'operate devices', but also includes permissions that you might not
want the DBA to have.
2) Current NetWorker releases, like 7.6S SPx, do allow the NetWorker
administrator to create a new users group with a set of customized
permissions. We know that this is not always reasonable, but it is an
option available to you today.
3) In the next NetWorker release we will include several new, standard
roles in addition to 'users' and 'adminsitrator'. The new roles will have
appropriate permissions already set for you. e.g. 'Application
Adminsitrator' will still have backup, restore, & monitor permissions, but
will include 'configure' and 'operate devices'. Along with a few other
enahncements we have in store for you, this will make it much easier for
NetWorker administrators to give users autonomy without compromising
security policies.
Best regards,
NetWorkerPM
To sign off this list, send email to listserv AT listserv.temple DOT edu and type
"signoff networker" in the body of the email. Please write to networker-request
AT listserv.temple DOT edu if you have any problems with this list. You can access the
archives at http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
--
Frank Swasey | http://www.uvm.edu/~fcs
Sr Systems Administrator | Always remember: You are UNIQUE,
University of Vermont | just like everyone else.
"I am not young enough to know everything." - Oscar Wilde (1854-1900)
To sign off this list, send email to listserv AT listserv.temple DOT edu and type
"signoff networker" in the body of the email. Please write to networker-request
AT listserv.temple DOT edu if you have any problems with this list. You can access the
archives at http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
|
|
|