
Conference azur::mcc

Title: DECmcc user notes file. Does not replace IPMT.
Notice: Use IPMT for problems. Newsletter location in note 6187
Moderator: TAEC::BEROUD
Created: Mon Aug 21 1989
Last Modified: Wed Jun 04 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 6497
Total number of notes: 27359

6076.0. "securing multiple domains and users" by ROMEOS::MOKBEL_SA () Tue Aug 09 1994 17:31

    Can you please comment on the following requirement:
    
    We are using DECMCC to manage a large network that includes DECnet
    Phase IV, DECbridges, and Concentrators, and Cisco Works to manage
    Cisco routers...
    
    We are currently managing the whole network from the network management
    shop. We would like a particular department (Engineering) to manage
    their own network, which is also connected to the FDDI ring. We want
    that department to be able to manage its own part of the network only
    by giving them their own domain.
    
    I have two questions around the issue:
    
    1- Can we restrict the MCC user of that department to that single
       domain without any access to the other domains that we are managing?
       If so, can we take away the spawn to DCL functionality so that user
       can't use the privileged account from DCL?
    
    2- If we want to enable VMS auditing to track who did what, are there
       any known problems between MCC, VMS audit, and DNS?
    
    I saw note 4992, but I was not very clear on the answer to the above
    questions.
    
    Thanks
    
    Sam

6076.1. "Use TeMIP Security -)" by TAEC::FLAUW (Marc Flauw, CEM Technical Office, VBO) Wed Aug 10 1994 11:42 (25 lines)

Sam,

From your base note, I assume that you are running on VMS. Otherwise, what you
are asking is exactly what is being provided by TeMIP Security on Ultrix and
OSF/1. 

TeMIP Security which is now part of TeMIP Framework (ex DECmcc BMS) on OSF/1
provides access control and logging of operator commands. The access control
operates mainly on a verb, entity instance basis, although it is also possible
to do access control on the attributes of an entity or the arguments of a
directive.  

The command logging offers you 2 modes: central logging controlled by the
system administrator and user logging controlled by each user individually. For
each type of logging, it is possible to specify what needs to be logged, like do
not log the show directives for instance.

If you need more information on TeMIP, look in the TeMIP notefile (TAEC::TEMIP)
for pointers to docs and kits.

Best regards,

Marc.

PS: TeMIP and TeMIP Framework are not available on VMS.

6076.2. "TeMIP and POLYCENTER/NETVIEW ?" by ROMEOS::MOKBEL_SA () Wed Aug 10 1994 12:33 (16 lines)

    Thanks Marc
    
    Yeh, that is exactly what I am looking for. Unfortunately we are using
    OpenVMS and we have no plans to migrate to Ultrix. We however may be
    migrating the management stations to OSF/1, and TeMIP sounds
    interesting. We were thinking of using PolyView, so I will be taking a
    look at the TeMIP conference to see how the two fit together (if they
    do at all).
    
    Meanwhile, how about a single domain owned by a user that has no access
    to other domains? How secure is that really? Has anybody experienced 
    problems using VMS Audit on MCC files?
    
    Thanks for any ideas.
    
    Sam