nv-l
[Top] [All Lists]

Re: Operator access

To: nv-l@lists.tivoli.com
Subject: Re: Operator access
From: Jane Curry <jane.curry@SKILLS-1ST.CO.UK>
Date: Mon, 17 Jan 2000 13:46:58 +0000
Please see comments.

Elizabeth Bagley wrote:

> Hello,
> In an effort to improve Tivoli NetView training, our course development team
> is identifying best practices for configuring operator access to NetView.
>
> Do you use NetView security?

Only when we need to secure web access - if no requirement for web, NetView
security seems too cumbersome to setup.

>
> Do you have a set of changes that you commonly make to the oper security
> group permissions?

N/a

>
> What changes do you make at the UNIX level to address operator accounts?
> (new accounts for each operator?  special environment settings?)

I usually have a "senior" NetView person who needs access to a few extra files
(this is because using the root id is generally forbidden).  trapd.conf,
ovsnmp.conf are 2 that spring to mind.  I generally fix this by giving their 
userid
access to bin and sys but a more granular approach would be appreciated.

I also ensure that a .profile is created with a LANG environment set to En_US 
and
that .kshrc sources the Tivoli environment.  Also ensure that a Netscape
environment is correctly setup (MOZILLA_HOME variable), if a user will use web
access via Netscape.  If customising NetView menu options without using NetView
security, ensure that .profile sets up the OVwRegDir variable.

>
> Do you have a "canned" procedure that you use when configuring operator 
> access?
>

No

> Do you modify map permissions?
>

Generally ensure Read-Only access for junior operators.

>
> Please understand that these questions are just guidelines.   Any advice that
> you
> would like to pass on to future generations of NetView administrators would be
> greatly appreciated.  If you prefer not to share the security information on
> NV-L,
> you can contact us directly at edu-cd_tnt@tivoli.com.
>

I stress STRONGLY that you should not be using the root user to run NetView - 
it's
simply bad practice - we all do silly things sometimes.  Better to be forced to
take extra privilege via su, if really necessary.

I would love to see NetView authority controlled via Tivoli roles, rather than
using the NetView security application which I find tedious and quirky
(particularly on Solaris).

>
> Thanks,
> Elizabeth Bagley
> Tivoli Education
> http://hometown.aol.com/ebagley2/career

Regards,
Jane
--
Tivoli Certified Enterprise Consultant & Instructor
Skills 1st Limited, 2 Cedar Chase, Taplow, Bucks, SL6 0EU, UK
Tel: +44 (0)1628 782565
Copyright (c) 1999 Jane Curry <jane.curry@skills-1st.co.uk>.  All rights 
reserved.


<Prev in Thread] Current Thread [Next in Thread>

Archive operated by Skills 1st Ltd

See also: The NetView Web