That is how it works. Once a user is authorized to launch a device view,
Nways
then uses the community strings configured in Netview and lets you do snmp
Sets
to devices. There is no facility in Netview, unfortunately, to control
access to the
snmp community database based on user.
What I usually recommend is that the write community for those devices be
set
to something false. This allows users to look at things, but sets will
fail. When the
authorized person (who knows the correct community) needs to do something
that
requires set, they would first go into Options...SNMP Configuration and put
in the
correct write string, do their work, and then reset it.
I know that this is not good for sites with many users with varying
authority. You
may be better off allowing only authorized users to launch the device views
to
begin with. And then of course you should also send a note explaining your
requirements to netview@tivoli.com.
Cordially,
Leslie A. Clark
IBM Global Services - Systems Mgmt & Networking
Hi,
I have a security problem. I´m working with NetView 4.1 and Nways Manager
1.2. I´ve turned on the security and I am working with the default users:
Operator and Admin. In NetView, the authority of the Operator account is
restricted and is working well. But if open een device with Nways Manager,
the Operator is allowed to do everything, even resetting devices, disabling
ports etc.
I don´t know how to disable this ´feature´ . I already read the
adminstrators guide and the programmer´s guide and can´t find a solution.
Who can help me?
With kind regards, met vriendelijke groet,
Richard van Oeffel
Open Systems Center
IBM Nederland N.V.
Boerhaavelaan 11, 2713 HA Zoetermeer
Tel: +31 (0)79-322 322 4
Fax: +31 (0) 79-352 26 29
e-mail: rvoeffel@nl.ibm.com
http://www.nl.ibm.com/osc
|