Your Browser is not longer supported

Please use Google Chrome, Mozilla Firefox or Microsoft Edge to view the page correctly
Loading...

{{viewport.spaceProperty.prod}}

Examples of the assignment of privileges

The following points should be borne in mind when assigning privileges to individual user IDs:

  • the security policy of the computer center involved

  • the fields of activity assigned to the individual users.

It is good practice to assign different persons separate fields of activity. However, if certain fields of activity have to be combined, the following combinations are recommended:

  • data protection/data privacy (global user administration and FTAC administration)

  • network administration with FT administration

  • data backup and archiving (HSMS administration and MAREN administration)

It is advisable to group the privileges of such fields of activity into privilege sets.

Data protection/data privacy

Global USER-ADMINISTRATION controls user organization and delegates administrative tasks, for instance to group administrators. This involves FTAC, since the functions to be performed with FT should be clearly defined for each user ID and each computer. The function ’follow-up processing’, for instance, should be restricted to specific users via FTAC profiles. Although the security levels applicable to any computer known to the FT system must be made known, FT administration and FTAC administration should be separated and computers and security levels should be predefined for FT administration.

Network administration

The privileges NET-ADMINISTRATION and FT-ADMINISTRATION may be combined. This permits the same entity to perform the actions involved in network generation and also, if requested, to make the FT entry. The predefined security levels of FTAC administration must be taken into account. The data for the FT entry is defined by network administration upon generation (see the notes on the descriptions of the individual privileges on "Network administration (NET-ADMINISTRATION)").

Archiving

The product HSMS (Hierarchical Storage Management System) is provided to facilitate data backup and data management. Depending on the job description, the HSMS-ADMINISTRATION privilege may be assigned to those users carrying out archiving functions (e.g. entering backup volumes, defining backup cycles, migrating data to a different level) or system administration functions (if data backup is their main task).

Powered by Atlassian Confluence and Scroll Viewport.