[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference azur::mcc

Title:DECmcc user notes file. Does not replace IPMT.
Notice:Use IPMT for problems. Newsletter location in note 6187
Moderator:TAEC::BEROUD
Created:Mon Aug 21 1989
Last Modified:Wed Jun 04 1997
Last Successful Update:Fri Jun 06 1997
Number of topics:6497
Total number of notes:27359

5660.0. "LOOK, don't touch" by CTHQ::WOODCOCK () Thu Oct 14 1993 14:31

Greetings,

Just returned from a customer site with security as an open question. I have
read many of the current notes but the answer to my own idea for this 
particular customer is still unanswered. This customer is getting pressure from
other organizations to 'view' the status of the network. While he doesn't mind
them viewing he doesn't want them to touch....ANYTHING. No map edits, alarms,
SHOWs to any entity, nothing. Basically he would like to allow them to open a
domain, navigate through the hierarchy, view alarms and events, and nothing
else.

The idea (will it work):

The main account is used to build and modify the entire environment and has
access to everything. Alarms are put into batch, this is vms. Create a user
account which has access to the map files, the map module, and notification 
services module. Give them NO access to all other modules. Will they view
alarms and events and be able to navigate? 

cheers,
brad...
T.RTitleUserPersonal
Name		DateLines
5660.1not sure if it will workTAEC::FLAUWFri Oct 15 1993 13:1321
	Brad, 

	If I remember well the process structure on VMS, all MMs are loaded into 
	the user process. So if you want to see notifications, the user account  
	will need to have access to the Notification FM and as the Notification 
	FM needs to issue getevents to the various AMs, the user account will 
	need, I think, also access to the AMs. 

	For navigation, if I remember well, the IM PM is doing a lot of calls to 
	the Domain FM. It might also need to make a few calls to Registration FM, 
	for instance to display the list of all domains, so the user account will
	need access to the Domain FM at minimum. 

	I haven't used DECmcc on VMS for a long time, so I might be wrong here. 

	Too bad that you are not on Ultrix, otherwise TeMIP Security would have 
	been perfect for what you want to do.

	Best regards,

	Marc.
5660.2tough requirementCTHQ::WOODCOCKFri Oct 15 1993 14:2518
>If I remember well the process structure on VMS, all MMs are loaded into
>	the user process. So if you want to see notifications, the user account 
>	will need to have access to the Notification FM and as the Notification 
>	FM needs to issue getevents to the various AMs, the user account will 
>	need, I think, also access to the AMs. 
>
>	For navigation, if I remember well, the IM PM is doing a lot of calls to 
>	the Domain FM. It might also need to make a few calls to Registration FM, 
>	for instance to display the list of all domains, so the user account will
>	need access to the Domain FM at minimum. 

Hi Marc,

Your logic would seem to make sense. For this customer, it would appear to be
a tough requirement to fill. Oh well, just a thought...

cheers,
brad...