I guess that depends on the privs the TSM admin has to your servers. In my environment as the Senior TSM admin I have admin privs or root access to all the machines being backed up. Which means I could in theory restore data to any server I wanted... however I could also copy data from one machine to another, in theory.
For other admins, in our environment, that do not have admin privs they don't have access to log into machines to configure a restore from another machine. FYI: TSM admins could also change the password to a client machine to restore data anywhere, if they wanted. -----Original Message----- From: ADSM: Dist Stor Manager [mailto:[email protected]] On Behalf Of Hart, Charles A Sent: Tuesday, October 25, 2011 3:22 PM To: [email protected] Subject: Re: Can a TSM server admin purloin client backups? Nothing, it's a policy challenge if they has TSM Sys Admin rights. Kind of like a Cop that sells evidence or takes a bribe, a priest that protects the young ... at some point you have to trust your admin or fire them. In my exp a node pw can be overridden with a Sys admin user and pw. Maybe I over simplified the situation. -----Original Message----- From: ADSM: Dist Stor Manager [mailto:[email protected]] On Behalf Of Keith Arbogast Sent: Tuesday, October 25, 2011 3:07 PM To: [email protected] Subject: [ADSM-L] Can a TSM server admin purloin client backups? This question came up again here. If a TSM admin with system authorization knows the client password for a certain TSM node, what keeps him from restoring files from that node to another server of his choosing? Sorry to resuscitate this old horse. With many thanks, Keith This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or his or her authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately.
