Hi Steven,

I can absolutely second this opinion. 
As a workaround, and to minimize security issues, you could instead go and do 
an instant access of the disk, mounting it as an additional disk to the VM, 
import the Volume Group/File System and restore the files manually. Not nice, 
but manageable and secure. And you don't have to mess with RBAC to enable users 
to access only File Restore in Spectrum Protect Plus.

Best Regards
Stefan Schulz

Consultant
CANCOM GmbH
-----Original Message-----
From: ADSM: Dist Stor Manager <ADSM-L@VM.MARIST.EDU> On Behalf Of Steven 
Harris1
Sent: Tuesday, 12 May 2020 02:19
To: ADSM-L@VM.MARIST.EDU
Subject: [ADSM-L] SPP Security hole

Hi list.   I've been told that this list is also for Spectrum Protect Plus
so here goes.

I'm about to build an SPP environment to back up a small VMware environment.  
SPP is to be 10.5.1 and the nodes are all RHEL 7.

Getting down into the details I see that for file indexing to work we need to 
set up an sppagent user. Looks like the filesystem will be trawled for file 
details using this user.

The user is to be defined with sudo rights to run ANY command, without a 
password!

That is not going to pass muster in any enterprise.  It would be unprofessional 
even to contemplate it.  This particular environment is a secure one, so this 
may well kill the product here.  I have raised a ticket to get a definitive 
list of commands, and if I don't get satisfaction I will raise an APAR against 
this, but seriously, I fail to see how a product could even get publicly 
released with such a serious security hole.

Cheers

Steven Harris
Admin Dogsbody, Canberra Australia
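
A check an administrator could run over a node's sudoers content to find the kind of entry described in this thread (any command, no password). This is an added example, not part of the original messages and not IBM's code or documentation. The sample entries, the `backup` account and the function names are constructed, and aliases, groups and `#include` files are not followed.

```python
import re

# Constructed sample sudoers content; the "backup" entry is hypothetical and
# is NOT the vendor's command list.
SAMPLE = """\
Defaults:sppagent !requiretty
sppagent ALL=(ALL) NOPASSWD: ALL
backup   ALL=(root) NOPASSWD: /usr/bin/lsblk, \\
         /usr/sbin/lvs, PASSWD: ALL
"""

TAG = re.compile(r"^([A-Z_]+):\s*")   # e.g. "NOPASSWD: "
RUNAS = re.compile(r"\([^)]*\)")       # e.g. "(ALL)" or "(root:wheel)"

def logical_lines(text):
    """Join backslash continuations; drop comments and blank lines."""
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def audit(text, user):
    """Return [(command, nopasswd)] for entries naming `user` directly."""
    findings = []
    for line in logical_lines(text):
        if line.startswith("Defaults") or "=" not in line:
            continue
        lhs, rhs = line.split("=", 1)
        if lhs.split()[:1] != [user]:
            continue
        nopasswd = False  # by default sudo authenticates unless NOPASSWD is set
        for cmd in RUNAS.sub("", rhs).split(","):
            cmd = cmd.strip()
            m = TAG.match(cmd)
            while m:  # a tag stays in force for the commands that follow it
                if m.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = m.group(1) == "NOPASSWD"
                cmd = cmd[m.end():]
                m = TAG.match(cmd)
            findings.append((cmd, nopasswd))
    return findings

def unrestricted_passwordless(text, user):
    """True if `user` may run ALL commands without a password."""
    return any(c == "ALL" and nopw for c, nopw in audit(text, user))

if __name__ == "__main__":
    for account in ("sppagent", "backup"):
        print(account, unrestricted_passwordless(SAMPLE, account))
```
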
