Firewall Wizards mailing list archives
VAJ question.
From: Maddy <mwlalex () magix com sg>
Date: Sun, 07 Jan 2001 02:08:55 +0800
I wonder if anyone here has any experience with VAJ (IBM) ? This application is used in the development of Java-based software and it has a repository to contain all the various version of codes. It has an "unusual" design in which there is only 1 superuser ID. This ID is used to administer user IDs, grant resource and to manage the repository. To manage the repository involves backing up, maintaining and recovering the repository, when the need arises.
From audit point of view, this role belongs to the system administrator
because of the highly operational tasks in managing the repo.
From the system admin perspective, the role goes to the security admin
due to tracking and accounting requirements ([1] there is only 1 repo admin ID, [2] this ID cannot be shared and tracked since detailed tracking is not practical due to system performance reasons and [3] this ID holds too much power for an system admin to be responsible)
From the security point of view, this repo admin role has mixed system
and security administering responsibilities. That being the case, perhaps the rules of accountability should be flexible and hence the ID be shared. I simply do not understand why IBM has such a product design and I had the impression that IBM is a security-aware company. Any IBMers here ? Pls ease my frustration and disappointment. As for the experts here, I would appreciate any suggestions on how to resolve this situation. TIA ! Rgds Maddy _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- VAJ question. Maddy (Jan 08)
- Re: VAJ question. Webmaster (Jan 08)