[Search for users]
[Overall Top Noters]
[List of all Conferences]
[Download this site]
| Title: | DECmcc user notes file. Does not replace IPMT. |
| Notice: | Use IPMT for problems. Newsletter location in note 6187 |
| Moderator: | TAEC::BEROUD |
|
| Created: | Mon Aug 21 1989 |
| Last Modified: | Wed Jun 04 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 6497 |
| Total number of notes: | 27359 |
581.0. "Security issues" by CCIIS1::ROGGEBAND (_ �hili��e _) Thu Dec 27 1990 10:10
Hello,
Several of my customers have raised the following security issues. They
would like to be able in enable / disable access to VERBS.
An exemple, they want to allow operators to look at things ("Show") but
not to modify them (no "Set"). They would like DECmcc to provide some
way of doing this, as the objects they are referring may have no access
control built in. One way of doing this is to implement some form in a
Specific AM, but when the object is a SNMP-type object and they use the
standard SNMP ?
Other exmples of security issues concern the maps & registration of
objects. They want to configure the maps for the operators, but do not
want the operator to modify anything on the map, so they would like to
inhibit the use of the toolbox. Thay would also like to be able to
customize the interface so that it offers no "Save Map" option, and no
"register" command. I have told them that one way to achieve (some of)
this is to set access rights on DNS directories and to put ACL's on map
files, and / or on FM images, but they feel this is a somewhat messy
way of doing things.
To cut a long story short, the main criticism is the same as the one we
had with DECnet Monitor : the same interface is used to configure what
we want to manage, and to manage the things we just configured.
Customers dread the idea that an over-privileged and under-trained
(whose fault is that ?) operator may try a "DEREGISTER object *"
command "just to see what happens"... but they would like a DECmcc
integrated way of preventing this. Anything in the pipelines ?
I'll add that ALL customers I've show the product to are impressed by
the DECwindows PM. Comment from the IS manager of Air France : "I do
not want my operators to see this, they'll ask me to get rid of
NETview".
May 1991 be the "Year of DECmcc".
Philippe.
| T.R | Title | User | Personal
Name | Date | Lines |
|---|
| 581.1 | Maybe the Easter Bunny will bring it!! | TOOK::F_MESSINGER | | Thu Dec 27 1990 13:31 | 8 |
|
Re -.1
Several people have expressed the need to "lock" or "unlock" the
map window. The mechanics of implementing this are quite simple.
It's on the wish list!
Fred
|
| 581.2 | an important topic -- or so it looks | GOSTE::CALLANDER | | Thu Dec 27 1990 15:22 | 11 |
| Philippe,
This area has definitely been discussed, from all aspects of the
system. I know that the area of your concern is shared by many; no
promises are being made, but work is continuing (investigation and
discussions) in this area. As to the if and whens of see this
implemented --- I would suggest that try sending a quick write-up of
your requirements (and your note does a good job of it) to product
management for incorporation into the next set of MCC product
requirements. You can try sending them to Hakim (DELNI::) Dhilla.
|
| 581.3 | | BSYBEE::EGOLF | John C. Egolf LKG2-2/T02 x226-7874 | Thu Dec 27 1990 18:03 | 4 |
| Hakim is no longer in DECmcc product management. If anybody
does wish to send requiremnts of product suggestions, send them
to Steve Lane (DELNI::S_LANE) or Randy Covill
(DELNI::R_COVILL).
|