See comments as well.
Frederic Mottiat - IBM Global Services (PSS-SMNS)
Tivoli Implementation & Services
Email : frederic_mottiat@be.ibm.com
Tel : 02/225 34 08 Gsm : +32 (0)75 388 773
> Do you use NetView security?
Yes, for I would say at least 50 to 60% of our customer installations.
This is a great feature in order to prepare a separate working environment for
different
kind of users. Mostly 2 groups : operators with very limited access to
functionnalities
(mostly everything related to configuration and changes in the maps are lock)
and
administrators, with all possibilities. On some sites I have had to configure up
to
4 group profiles.
I would like to see the possibility to filter SNMP queries according to the NV
group the
user belongs to.
> Do you have a set of changes that you commonly make to the oper security group
permissions?
Removing access to functions related to edit/save/snapshots/administer.
Removing everything related to MLM configuration (once added, as unfortunately
this is not
a default, you need to first convert with c_arf2srf the needed files from
/usr/OV/registration/...).
> What changes do you make at the UNIX level to address operator accounts?
Trying to limit the number of AIX accounts. So mostly 1 AIX account for a group
of operator.
Unless very different requirements (for instance : filters saved in the
NvEnvironment file).
> Do you have a "canned" procedure that you use when configuring operator
access?
No, but should have... :-)
> Do you modify map permissions?
Always.
|