Tivoli Storage Manager for Windows: Administrator's Guide


Overview of Tivoli Storage Manager Privilege Classes

After administrators are registered, they can make queries and request command-line help. To perform other server functions, they must be granted authority by being assigned one or more administrative privilege classes.

This section describes the privilege classes. An administrator with system privilege can perform any server function. Administrators with policy, storage, operator, or analyst privileges can perform subsets of server functions.

System Privilege

An administrator with system privilege can perform any of the following server administrative tasks.

System responsibilities
  • Define or delete policy domains and storage pools
  • Import or export data from the server
  • Cancel administrative background processes
  • Set operating parameters for the server
  • Perform license audits
  • Cancel client restartable restore sessions
  • Move sequential access storage pool media
  • Begin logging events to a receiver
  • Create a full backup set from a client node's latest active files
Set up enterprise management
  • Create or delete a target server to a source server
  • Set and manage server configuration managers
  • Define and manage server groups and group members
  • Define and manage server profiles
  • Test the connection between the local server and a specified remote server
Manage TSM security
  • Register or remove administrators
  • Manage administrators
  • Grant or revoke all levels of administrative authority
  • Lock or unlock administrators from the server
  • Manage TSM passwords and logins

Unrestricted Policy Privilege

An administrator with unrestricted policy privilege can manage the backup and archive services for client nodes assigned to any policy domain. When new policy domains are defined to the server, an administrator with unrestricted policy privilege is automatically authorized to manage the new policy domains.

An administrator with unrestricted policy privilege can perform the following tasks:

Manage TSM nodes
  • Register client nodes in any policy domain
  • Manage any client node access to the server
  • Delete any client node files from storage pools
  • Create a full backup set from a client node's latest active files
Manage TSM policy
  • Manage policy objects within any policy domain
    Note:
    System privilege is required to copy, define, or delete the policy domains themselves.
Manage TSM schedules
  • Manage schedules that automatically back up or archive files
  • Associate client nodes to schedules defined in the same policy domain

Restricted Policy Privilege

An administrator with restricted policy privilege can perform the same operations as an administrator with unrestricted policy privilege but only for specified policy domains.

Unrestricted Storage Privilege

An administrator with unrestricted storage privilege has the authority to manage the database, recovery log, and all storage pools.

An administrator with unrestricted storage privilege can perform the following tasks:

Manage the TSM database and recovery logs
  • Create database or recovery log volumes
  • Extend or reduce the size of the database or recovery log
  • Create mirrored copy sets of the database or recovery log
  • Delete database or recovery log volumes
Manage TSM devices
  • Manage disk and tape device classes
Manage TSM storage pool volumes
  • Create volumes for any disk or tape storage pools
  • Move data from a storage pool to any other storage pool
  • Delete volumes from any storage pool
    Note:
    However, an administrator with unrestricted storage privilege cannot define or delete storage pools.
  • Audit volumes belonging to any storage pool
  • Move sequential access storage pool media

Restricted Storage Privilege

Administrators with restricted storage privilege can manage only those storage pools to which they are authorized. They cannot manage the database or recovery log.

For those authorized storage pools, administrators with restricted storage privilege can:

Manage storage pool volumes
  • Create volumes to the storage pools
  • Move data from one volume to another in a storage pool
  • Delete volumes from the storage pools
  • Audit volumes belonging to the storage pools

Operator Privilege

Administrators with operator privilege control the immediate operation of the server and the availability of storage media.

An administrator with operator privilege can perform the following tasks:

Manage the TSM server
  • Disable the server to prevent clients from accessing the server
  • Enable the server for access by clients
  • Halt the server, when necessary
Manage TSM sessions
  • Cancel client/server sessions
  • Cancel client restartable restore sessions
Manage tape operations
  • Vary disk volumes on or off line to perform maintenance
  • Reset the error status for tape volumes
  • Manage tape mounts

Analyst Privilege

An administrator with analyst privilege can issue commands that reset the counters that track server statistics.

Node Privilege

A user with node privilege can access a Web backup-archive client to perform backup and restore operations. An administrative user ID with the node privilege class has either client owner authority or client access authority.


[ Top of Page | Previous Page | Next Page | Table of Contents | Index ]