Chapter 4.

Using Commands Based on Privilege Class

There are five administrator privilege classes in Tivoli Storage Manager: System Policy Storage Operator Analyst

The authority granted to an administrator determines the administrative commands that the administrator can issue. After an administrator has been registered via the REGISTER ADMIN command, the administrator can issue a limited set of commands, including all query commands. When you install Tivoli Storage Manager, the server console is defined as a system administrator named SERVER_CONSOLE and is granted system privilege. The following sections describe each type of administrator privilege and the commands that can be issued by an administrator who has been granted the corresponding authority.

Commands Requiring System Privilege

An administrator with system privilege has the highest level of authority in Tivoli Storage Manager. With system privilege, an administrator can issue any administrative command and has authority to manage all policy domains and all storage pools. Table 5 lists the commands that only administrators with system privilege can issue. Table 5. System Privilege Commands AUDIT LICENSES ACCEPT DATE BEGIN EVENTLOGGING CANCEL EXPIRATION CANCEL PROCESS CANCEL REQUEST CANCEL RESTORE COPY CLOPTSET COPY DOMAIN COPY PROFILE DELETE PROFILE DELETE RECMEDMACHASSOCIATION DELETE RECOVERYMEDIA DELETE SCHEDULE (See note) DELETE SCRIPT DELETE SERVER DELETE SERVERGROUP DELETE SPACETRIGGER DELETE STGPOOL DELETE SUBSCRIBER

COPY SCHEDULE (See note) COPY SCRIPT COPY SERVERGROUP DEFINE BACKUPSET DEFINE CLIENTACTION DEFINE CLOPTSET DEFINE DOMAIN DEFINE DRIVE DEFINE EVENTSERVER DEFINE GRPMEMBER DEFINE LIBRARY DEFINE MACHINE DEFINE MACHNODEASSOCIATION DEFINE MACHNODEASSOCIATION DEFINE PROFASSOCIATION DEFINE PROFILE DEFINE RECMEDMACHASSOCIATION DEFINE RECOVERYMEDIA DEFINE SCHEDULE (See note.) DEFINE SCRIPT DEFINE SERVER DEFINE SERVERGROUP DEFINE SPACETRIGGER DEFINE STGPOOL DEFINE SUBSCRIPTION

DELETE SUBSCRIPTION DISABLE EVENTS ENABLE EVENTS END EVENTLOGGING EXPIRE INVENTORY EXPORT ADMIN EXPORT NODE EXPORT POLICY EXPORT SERVER GENERATE BACKUPSET GRANT AUTHORITY IMPORT ADMIN IMPORT NODE IMPORT POLICY IMPORT SERVER INSERT MACHINE LOCK ADMIN LOCK PROFILE MOVE DRMEDIA MOVE GRPMEMBER NOTIFY SUBSCRIBERS PING SERVER PREPARE QUERY BACKUPSETCONTENTS QUERY RPFCONTENT

DELETE BACKUPSET DELETE CLIENTOPT DELETE CLOPTSET DELETE DOMAIN DELETE EVENTSERVER DELETE EXIT DELETE GRPMEMBER DELETE MACHINE DELETE MACHNODEASSOCIATION DELETE PROFASSOCIATION

RECONCILE VOLUMES REGISTER ADMIN REGISTER LICENSE REMOVE ADMIN RENAME ADMIN RENAME SCRIPT RENAME SERVERGROUP RENAME STGPOOL REVOKE AUTHORITY RUN

SET ACCOUNTING SET ACTLOGRETENTION SET AUTHENTICATION SET CLIENTACTDURATION SET CONFIGMANAGER SET CONFIGREFRESH SET CROSSDEFINE SET CONTEXTMESSAGING SET DRMCHECKLABEL SET DRMCOPYSTGPOOL SET DRMCOURIERNAME SET DRMDBBACKUPEXPIREDAYS SET DRMCMDFILENAME SET DRMFILEPROCESS

SET RETRYPERIOD SET SCHEDMODES SET SERVERHLADDRESS SET SERVERLLADDRESS SET SERVERNAME SET SERVERPASSWORD SET SERVERURL SET SUBFILE SET WEBAUTHTIMEOUT SETOPT UNLOCK ADMIN UNLOCK PROFILE UPDATE ADMIN UPDATE BACKUPSET

SET DRMINSTRPREFIX SET DRMNOTMOUNTABLENAME SET DRMPLANPREFIX SET DRMPLANVPOSTFIX SET DRMPRIMSTGPOOL SET DRMRPFEXPIREDAYS SET DRMVAULTNAME SET EVENTRETENTION SET MINPWLENGTH SET PASSEXP SET QUERYSCHEDPERIOD SET RANDOMIZE SET REGISTRATION

UPDATE CLIENTOPT UPDATE CLOPTSET UPDATE LIBVOLUME UPDATE MACHINE UPDATE PROFILE UPDATE RECOVERYMEDIA UPDATE SCRIPT UPDATE SERVER UPDATE SERVERGROUP UPDATE SPACETRIGGER UPDATE VOLHISTORY

Note: Indicates that this command is restricted by the authority granted to an administrator. System privilege is required only for administrative command schedules. System or policy privilege is required for client operation schedules.

Commands Requiring Policy Privilege

An administrator with policy privilege can issue commands that relate to policy management objects such as policy domains, policy sets, management classes, copy groups, and schedules. The policy domains that an administrator can manage depend on the authority granted to them by an administrator with system privilege. As an administrator with policy privilege, you can have unrestricted or restricted policy privilege. Unrestricted policy privilege permits you to issue all of the administrator commands that require policy privilege. You can issue commands that affect all existing policy domains as well as any policy domains that are defined in the future. An unrestricted policy administrator cannot define, delete, or copy policy domains. Restricted policy privilege permits you to issue administrator commands that affect one or more policy domains for which you have been explicitly granted authority. For example, the DELETE MGMTCLASS

command requires you to have policy privilege for the policy domain to which the management class belongs. Table 6 lists the commands that an administrator with policy privilege can issue. Table 6. Policy Privilege Commands ACTIVATE POLICYSET ASSIGN DEFMGMTCLASS BACKUP NODE COPY MGMTCLASS COPY POLICYSET COPY SCHEDULE (See note 2.) DEFINE ASSOCIATION DEFINE BACKUPSET DEFINE COPYGROUP DEFINE CLIENTACTION DEFINE MGMTCLASS DEFINE POLICYSET DEFINE SCHEDULE DELETE ASSOCIATION DELETE BACKUPSET DELETE COPYGROUP DELETE EVENT (See note 1.) DELETE FILESPACE DELETE MGMTCLASS DELETE POLICYSET DELETE SCHEDULE (See note 2.) GENERATE BACKUPSET LOCK NODE REGISTER NODE REMOVE NODE RENAME FILESPACE RENAME NODE SET SUMMARYRETENTION QUERY BACKUPSETCONTENTS RESTORE NODE UNLOCK NODE UPDATE BACKUPSET UPDATE COPYGROUP UPDATE DOMAIN UPDATE MGMTCLASS UPDATE NODE UPDATE POLICYSET UPDATE SCHEDULE (See note 2.) VALIDATE POLICYSET

Notes:

1. Indicates that this command can be restricted by policy domain. An administrator with unrestricted policy privilege or restricted policy privilege for a specified policy domain can issue this command. 2. Indicates that this command is restricted by the authority granted to an administrator. System privilege is required only for administrative command schedules. System or policy privilege is required for client operation schedules.

Commands Requiring Storage Privilege

An administrator with storage privilege can issue commands that allocate and control storage resources for the server. The commands that an administrator can issue depend on the authority granted to them by an administrator with system privilege. As an administrator with storage privilege, you can have unrestricted or restricted storage privilege. Unrestricted storage privilege permits you to issue all of the administrator commands that require storage privilege. You can issue commands that affect all existing storage pools as well as any storage pools that are defined in the future. You can also issue commands that affect the database and the recovery log. An unrestricted storage administrator cannot define or delete storage pools. Restricted storage privilege permits you to issue administrator commands that only affect a storage pool for which you have been granted authority. For example, the DELETE VOLUME command only affects a storage pool volume that is defined to a specific storage pool. Table 7 lists the commands an administrator with storage privilege can issue. Table 7. Storage Privilege Commands AUDIT LIBRARY AUDIT VOLUME (See note.) BACKUP DB BACKUP DEVCONFIG BACKUP STGPOOL BACKUP VOLHISTORY CHECKIN LIBVOLUME CHECKOUT LIBVOLUME DEFINE DATAMOVER DELETE DRIVE DELETE LIBRARY DELETE LOGVOLUME DELETE PATH DELETE SPACETRIGGER DELETE VOLHISTORY DELETE VOLUME (See note.) EXTEND DB EXTEND LOG

DEFINE DBBACKUPTRIGGER DEFINE DBCOPY DEFINE DBVOLUME DEFINE DEVCLASS DEFINE DRIVE DEFINE LIBRARY DEFINE LOGCOPY DEFINE LOGVOLUME DEFINE PATH DEFINE VOLUME (See note.) DEFINE SPACETRIGGER DELETE DATAMOVER DELETE DBBACKUPTRIGGER DELETE DBVOLUME DELETE DEVCLASS

MOVE DATA (See note.) MOVE NODEDATA (See note.) REDUCE DB REDUCE LOG RESTORE STGPOOL RESTORE VOLUME UPDATE DATAMOVER UPDATE DBBACKUPTRIGGER UPDATE DEVCLASS UPDATE DRIVE UPDATE LIBRARY UPDATE PATH UPDATE SPACETRIGGER UPDATE STGPOOL (See note.)

Note: Indicates that this command can be restricted by storage pool. An administrator with unrestricted storage privilege or restricted storage privilege for a specified storage pool can issue this command.

Commands Requiring Operator Privilege

An administrator with operator privilege can issue commands that control the immediate operation of the server and the availability of storage media. Table 8 lists the commands an administrator with operator privilege can issue. Table 8. Operator Privilege Commands

CANCEL SESSION DISABLE SESSIONS DISMOUNT VOLUME ENABLE SESSIONS HALT

MOVE DRMEDIA REPLY UPDATE VOLUME VARY

Commands Requiring Analyst Privilege

An administrator with analyst privilege can issue commands that reset the counters that track server statistics. Table 9 lists the commands an administrator with analyst privilege can issue. Table 9. Analyst Privilege Commands RESET BUFPOOL RESET DBMAXUTILIZATION RESET LOGCONSUMPTION RESET LOGMAXUTILIZATION

Commands Any Administrator Can Issue

Table 10 lists the commands any registered administrator can issue even if that administrator has not been granted any specific administrator privileges. Table 10. Commands Issued by All Administrators COMMIT ISSUE MESSAGE HELP MACRO QUERY ACTLOG QUERY ADMIN QUERY EVENT QUERY EVENTRULES QUERY EVENTSERVER QUERY FILESPACE QUERY LICENSE QUERY LIBRARY

QUERY ASSOCIATION QUERY AUDITOCCUPANCY QUERY BACKUPSET QUERY CONTENT QUERY COPYGROUP QUERY DATAMOVER QUERY DB QUERY DBBACKUPTRIGGER QUERY DBVOLUME QUERY DEVCLASS QUERY DOMAIN QUERY DRIVE QUERY DRMEDIA QUERY DRMSTATUS QUERY ENABLED

QUERY LIBVOLUME QUERY LOG QUERY LOGVOLUME QUERY MACHINE QUERY MGMTCLASS QUERY MOUNT QUERY NODE QUERY OCCUPANCY QUERY OPTION QUERY PATH QUERY POLICYSET QUERY PROCESS QUERY PROFILE QUERY RECOVERYMEDIA

QUERY REQUEST QUERY RESTORE QUERY RPFILE QUERY SCHEDULE QUERY SCRIPT QUERY SERVER QUERY SERVERGROUP QUERY SESSION QUERY SPACETRIGGER

SET SQLDATETIMEFORMAT SET SQLDISPLAYMODE SET SQLMATHMODE

QUERY SQLSESSION QUERY STATUS QUERY STGPOOL QUERY SUBSCRIBER QUERY SUBSCRIPTION QUERY SYSTEM QUERY VOLHISTORY QUERY VOLUME QUIT ROLLBACK SELECT