Thursday, April 27, 2006
Interesting Command Update In TSM
I found this interesting update on the Tivoli website about the enhancements to the DISABLE/ENABLE SESSIONS command. Basically it discusses the change to the commands in TSM 220.127.116.11 and how the command now disables sessions not only for client sessions, but admin and server-to-server sessions also. This would not be problem had a customer not revoked system authority from his SERVER_CONSOLE ID. This locked the customer out of his server entirely and his only recourse was to either rollback to 5.3.0 or to restore a DB Backup from before the disable was issued. Have many of you revoked SERVER_CONSOLE privileges? I never would consider it since it is a fail-safe in the event something bad happens. I understand security but if the person can get onto the server and start the program in the foreground you have bigger problems than the SERVER_CONSOLE ID having system authority.