Conference azur::mcc

2852.0. "security/accounting on a command and user basis?" by MDCRAB::STUART (Scott Stuart - MARVA Network Sales Support DTN 341-3132 - MARVA District) Fri Apr 24 1992 18:23

I have looked at note 486 &  2456 regarding security for MCC/ULTRIX and 
am still a little confused as to what can be done.

What I need in an rfp response is the ability to:
a. 'control what functions within the management system each user may access'

b. '... maintain an audit trail of network management activity including ...
   a log of network management activity performed'.

My assumptions are below, please make any corrections and comments.

a. I think that I can control what access module and what
entities a user may access but not what commands they can enter.  Is this true?

b. It could be done via a shell script to a command interface to mcc but not via
	the iconic map interface.

	thanks ... scott

>
>My assumptions are below, please make any corrections and comments.
>
>a. I think that I can control what access module and what
>entities a user may access but not what commands they can enter.  Is this true?
>
 
You can get tricky and point certain users to different 'crafted' copies of the
dictionary by defining MCC_SYSTEM differently for each.   E.g. you could go
into DAP and remove any SET or 'dangerous' directives then use that verison of
the dictionary for 'less privileged' users.   Note that this can turn into a
support nightmare if you add many modules, since you'll have to go through this
process (editing the dictionary) every time you install a module.

I think I agree that it is a support nighmare, but if we 
want to price it, what is the procedure under ULTRIX to 
accomplish this... thanks ....