It is possible to reboot any device in any Netview map for which you
have a read-write community in the ovsnmp database if that device has a
read-write snmp variable that will trigger it. It has nothing to do
with Nways. You can do the same through the mib browser. It's the (lack
of) security function in SNMPv1.
You can use Netview's security to limit access to the Nways applications
(and to xnmbrowser), but other than that, or changing the rights mask on
the executable, once the hub view is shown (or the mib browser is run),
whatever rights are enabled by the ovsnmp database are available.
Until you get IPsec and SNMPv3, this will continue to be the case. My
suspicion is that you'll begin to see these on hardware devices and
hardware management applications (whether or not they're in Netview) by
the end of the year. (My opinion only, not an IBM announcement).
Tnen, the applications will have some additional controls.
----------------------------------------------------------------------
Herbert Kinzler wrote:
>
> Hi there,
> we are using Netview/6000 4.1 and Nways Campus Manager to manage
> several 8270, 2216 etc.
> At the devices we have defined two communities:
>
> user (read-only) and superuser (read-write).
>
> In NV6000 we defined also both, user and superuser. But only superuser
> was defined in the SNMP Config.
> with 'Set Community'.
>
> We have also Netview Security activ, here we defined also two users:
> user and superuser.
>
> The userid 'user' belongs to the group 'Oper', this group should not
> be able to reset the 8270 via the
> Nways Device Management Submap (PSM).
>
> But it seems that NV uses always the community with the 'set
> community' attribute on - regardles of the
> NV6000 userid (and there predefined rights).
>
> Our goal is that no NV6000 user, which belongs to group 'Oper', is
> able to reset any device or interface
> via NV6000 or Nways Campus Manager.
>
> Thanks in advance,
>
> Herbert Kinzler
> BCS/NET
|