Setting up a Delegated Admin in Novell Storage Manager



By: coolguys

April 16, 2008 7:46 am

Reads: 148

Comments:1

Rating:0

A Forum reader recently asked:

“Now that I have Storage Manager installed and running, I don’t see any way to delegate authority to container
administrators. It seems that anyone logged into the Management Interface gets rights via the NSMProxy users (supervisor to root) and can administer all servers and users in the tree. Is there any RBS equivalent for NSM
where I can delegate rights only to specific containers for specific users?”

Solution

Setting up a delegated Admin in NSM has several steps:

1. Create a group in eDirectory that you can use for creating a membership of the users that you want to be able to log in via the NSMAdmin interface.

2. Set up a container-based administrative user, if not already done.

3. Open NSMAdmin and log in with a user that has Supervisor rights to the server object where NSM (FSFENGIN.NLM) is running.

4. Click Configure Options and Interfaces.

5. Click Management Interface.

6. Check the checkbox next to the “Security Equivalent to the following object” option.

7. Click Browse and select the group that you created in
step 1. Make sure that your overall admin user is in the group as a minimum.

8. Click OK.

9. Log out of NSMAdmin and log back in as one of the delegated admin users that you added to the group created in step 1.

Testing:

1. Try to create a policy outside the container where the user has rights. Access should be denied.

2. Try to create a policy inside the container where the user has rights. The policy should be created.

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Tags:
Categories: Uncategorized

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

1 Comment

  1. By:HutcH

    Is there a similar method to do this in AD?

Comment