Hi all, I'm designing a managed configuration of TSM servers. Our management structure here is a central TSM with level2/3 support functions, and some district offices that will have their own TSM servers, plus some remote TSM servers in their remote locations.
central ->[many districts]->[many satellites] I'd like to manage as much of this centrally as possible. Now I intend to set up adminstrator profiles on the configuration manager, and all TSM Servers in a given district will subscribe to that district's profile, so any admin in a district will be able to administer any server in that district, and only that district. This means that they have to log into the config manager to update their passwords. Now for operational reasons, theys guys will need unrestricted policy privilege to do their work. They won't be able to change any of the policies that are subscribed from the config manager on their local TSM, but what is to stop them from logging on to the config manager directly and changing policies there? I could stop them from logging on to the config manager by locking the ids there, since lock status is not distributed, but, then they can't log in to change their passwords. Have I missed something? How do others handle this. Regards Steve Harris AIX and TSM Admin Queensland Health, Brisbane Australia *********************************************************************************** This email, including any attachments sent with it, is confidential and for the sole use of the intended recipient(s). This confidentiality is not waived or lost, if you receive it and you are not the intended recipient(s), or if it is transmitted/received in error. Any unauthorised use, alteration, disclosure, distribution or review of this email is prohibited. It may be subject to a statutory duty of confidentiality if it relates to health service matters. If you are not the intended recipient(s), or if you have received this email in error, you are asked to immediately notify the sender by telephone or by return email. You should also delete this email and destroy any hard copies produced. ***********************************************************************************
