| Title: | DECmcc user notes file. Does not replace IPMT. |
| Notice: | Use IPMT for problems. Newsletter location in note 6187 |
| Moderator: | TAEC::BEROUD |
| Created: | Mon Aug 21 1989 |
| Last Modified: | Wed Jun 04 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 6497 |
| Total number of notes: | 27359 |
Is it possible to set-up security on a command basis ? and how ?
The issue is brought up by a customer, who would like to give access to
the SHOW and a few other commands to a large number of users. Other
commands like SET, REGISTER should be protected, and access only allowed
to a small "trusted" group.
This issue may be applicable for different entity classes too, i.e. all
can look at DECnet Phase IV, but only the "trusted" people can access the
Bridges, ref. Note 477.
Thank's
S�ren
| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 483.1 | DSTEG1::HUGHES | Mon Nov 26 1990 09:23 | 17 | ||
The answer to your question can be found in the DECmcc Use Guide,
Chapter 2, Maintaining Security. Also, documentation on the manageable
entities will be helpful.
Basically, MCC uses the security features of the operating system and
the network. If you want to restict access to certain Access Modules,
you can protect the executable images so that the average user cannot
activate the image. Then create access control lists of trusted users
and apply the acl to the files.
Then you would have to review all the manageable entities and figure
out how access to the entity is obtained. For Example, DECnet Phase IV
nodes can be secured by protecting the objects used to gain access to the
node, and the account the object uses. Lan Bridge 150 and 200 can have
passwords, the Bridge Access Module requires VMS privileges.
Linda
| |||||
| 483.2 | ? | MKNME::DANIELE | Mon Nov 26 1990 14:21 | 4 | |
re.1: What does this have to do with the request for controlling availability OF DIRECTIVES? | |||||
| 483.3 | DSTEG1::HUGHES | Mon Nov 26 1990 15:13 | 9 | ||
re .2
I guess not much. MCC does not provide any way to control the
availability of directives. But the entity might, like a DECnet
node might allow show directives to any user but would require
privileges for set directives.
Linda
| |||||
| 483.4 | well... | GOSTE::CALLANDER | Mon Nov 26 1990 15:49 | 15 | |
Well as Linda mentioned, you can control access to the entity. Then
on a class by class basis you can determine what these changes in
access due to the users ability to access directives. I can do a
lot of things, like looking at a phase 4 node through the dna4 am
with a non priveliged account, but to do sets my system is set up
such that I can't set with out privs.
The access control is related to what directives you can operate
but it done on a class by class basis and is class and not typically
directive specific. Currently we don't give out information on
tailoring dictionarys (time consuming) to do what you ask, nor do
we have a built in mechanism to do it -- good item to add to the
wish/work list for the PMs.
| |||||