Conference azur::mcc

Title: DECmcc user notes file. Does not replace IPMT.
Notice: Use IPMT for problems. Newsletter location in note 6187
Moderator: TAEC::BEROUD
Created: Mon Aug 21 1989
Last Modified: Wed Jun 04 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 6497
Total number of notes: 27359

4867.0. "Security/Access problems" by STKHLM::BERGGREN (Nils Berggren EIS/Project dpmt, Sweden DTN 876-8287) Tue Apr 13 1993 03:33

Hi all,

Just realized at a customer site that security is not what
it should be within DECmcc. 

The customer requires that only some operators should have the 
right to create alarm rules, but that everyone should be able to
look at alarm rules and enable them.

"easily done" I said, just use ACL (we're talking VMS here) on some 
files, MCC_ALARMS_INSTANCE_MIR and *_ATTRIBUTES_MIR,  ACL=(IDENT=GROUP1, 
ACCESS=READ  and  IDENT=GROUP2, ACCESS=READ+WRITE) and divide the operators 
into two UIC-groups.

Since I said this, I had to realize it as well, and to my big surprise,

	IT DID NOT WORK !!!!!!

The operators in group 1 couldn't see the alarm rules since they couldn't
open the alarms instance mir.  Using AUDIT, I saw that when switching from 
members view to rule view (in the IMPM) we're opening the 
MCC_ALARMS_INSTANCE_MIR.DAT with READ+WRITE access.  Changing the ACL to 
allow READ+WRITE access to the instance-file I tried to do a SHOW CHAR
on a rule.  It didn't work either, I have to have READ+WRITE access to the 
MCC_ALARMS_ATTRIBUTE_MIR.DAT even though I only want to READ information....

Now I'm in big trouble.  We already have serious difficulties regarding 
security (discussed in earlier notes regarding operator categories and
restricting who should have the right to do what within DECmcc) but I could
never realize that this would cause any problems.   

This is not satisfactory, and I think we're coming closer to a "No thank 
you, but we'll drop DECmcc due to its lack of security"


Why open files with READ+WRITE access when this is not needed?  Could this
be regarded as a bug and have it QAR:ed so that we could get a new ALARMS_FM
out????


	This is very urgent since we're in the stage of doing
	some functional test at the customer site, and if this
	fails there's a big potential of losing a lot of 
	business with this customer who is Digital's biggest
	customer in Sweden.
	
	Please help me out
	
	/Nils
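
The access check behind the failure reported in note 4867.0, as an added example that is not part of the original note and not DECmcc code. It is a simplified model that assumes only the ACL is consulted (no UIC protection mask, no privileges) and that the first matching ACE decides; the operation names `show_rule` and `create_rule` are hypothetical.

```python
# Simplified model of the ACL check described in note 4867.0 (added example).
# Assumptions: only the ACL is consulted (no UIC protection mask, no privileges)
# and the first ACE whose identifier the user holds decides the outcome.

READ, WRITE = "READ", "WRITE"

# ACL from the note: GROUP1 may read, GROUP2 may read and write.
MIR_ACL = [
    ("GROUP1", {READ}),
    ("GROUP2", {READ, WRITE}),
]

# Access each operation needs (hypothetical operation names) versus what the
# note reports the application requests when it opens the MIR files.
NEEDED = {"show_rule": {READ}, "create_rule": {READ, WRITE}}
REQUESTED_BY_APP = {"show_rule": {READ, WRITE}, "create_rule": {READ, WRITE}}


def acl_allows(acl, identifiers, requested):
    """True if the first matching ACE grants every requested access type."""
    for ident, granted in acl:
        if ident in identifiers:
            return requested <= granted
    return False  # no matching ACE: denied in this model


def can_perform(acl, identifiers, operation, requested_table):
    """Evaluate one operation using the access set the caller asks for."""
    return acl_allows(acl, identifiers, requested_table[operation])


def over_requests(needed, requested):
    """Operations whose open asks for access beyond what the operation needs."""
    return {op: sorted(requested[op] - needed[op])
            for op in needed if requested[op] - needed[op]}


if __name__ == "__main__":
    for group in ("GROUP1", "GROUP2"):
        for op in NEEDED:
            observed = can_perform(MIR_ACL, {group}, op, REQUESTED_BY_APP)
            least = can_perform(MIR_ACL, {group}, op, NEEDED)
            print(f"{group} {op}: observed={observed} least-privilege={least}")
    print("over-requested:", over_requests(NEEDED, REQUESTED_BY_APP))
```
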

4867.1. "Yes. It is a bug!" by TOOK::GUERTIN (MCC: Legend or Nightmare?) Tue Apr 13 1993 08:42

    Yes, it is a bug.  Yes, it is QARed.  However, I believe it is a Medium
    Priority problem.  We have our hands full with just Show-Stoppers and
    High Priority problems.
    
    Is it possible to have a copy of the Alarms MIR being pointed to by the
    MCC_ALARMS_LOCATION logical?  This user-local copy could be set up with
    read-write access.
    
    -Matt.

4867.2. "why a local copy of alarms MIR?" by STKHLM::BERGGREN (Nils Berggren EIS/Project dpmt, Sweden DTN 876-8287) Tue Apr 13 1993 16:05

    re .1
    
>>> Is it possible to have a copy of the Alarms MIR being pointed to by the
>>> MCC_ALARMS_LOCATION logical?  This user-local copy could be set up with
>>> read-write access.
    
    Sorry, but I don't get it...  How would a copy of the Alarms MIR
    help?