SAM can be configured to provide a subset of its overall functionality to specified users such as operators. You may, for instance, wish to give a user the ability to start a backup but not the ability to manage disks and file systems. With the Restricted SAM Builder, you have control of the functional areas to which specified users have access. When specifying the functionality you wish to give a user, you invoke SAM with the -r option, initiating a Restricted SAM Builder session. After you have set up a user with specific functionality, you can then invoke SAM with both the -r and -f options with the login name of a user you wish to test. The functionality of the user can be tested using these two options along with the login name. Initially Setting User Privileges When you invoke SAM with the -r option, you are first asked to select the user to whom you want to assign privileges. You will then be shown a list of default privileges for a new restricted SAM user. Figure 11-13 shows the default privileges SAM recommends for a new restricted user; note that custom SAM functional areas are disabled by default. Figure 11-13. Restricted SAM Builder Screen You can select from the Actions shown in Figure 11-13 to control access to functional areas. Of particular interest is the ability to save the privileges, which you may later use as a template for other users with Load User Privileges from the Actions menu. The user will now have only access to the functional areas specified and therefore be able to execute tasks in only the areas to which they have access. |