QUERY ADMIN (Display administrator information)
Use this command to display information about one or more administrators.
Privilege class
Any administrator can issue this command.
Syntax
.-*----------. >>-Query ADmin--+------------+----------------------------------> '-admin_name-' >--+------------------------------+-----------------------------> | .-,------------. | | V | | '-CLasses--=----+-SYstem---+-+-' +-Policy---+ +-STorage--+ +-Operator-+ '-Node-----' .-Format--=--Standard-----. >--+-------------------------+----------------------------------> '-Format--=--+-Standard-+-' '-Detailed-' >--+------------------------------+--+--------------------+---->< '-AUTHentication--=--+-LOcal-+-' '-ALerts--=--+-Yes-+-' '-LDap--' '-No--'
Parameters
- admin_name
- Specifies the name of the administrator for which you want to display information. This parameter is optional. You can use wildcard characters to specify this name. If you do not specify a value for this parameter, all administrators are displayed.
- CLasses
- Specifies that you want to restrict output to those administrators
that have privilege classes that you specify. This parameter is optional.
You can specify multiple privilege classes in a list by separating
the names with commas and no intervening spaces. If you do not specify
a value for this parameter, information about all administrators is
displayed, regardless of privilege class. Possible values are:
- SYstem
- Display information on administrators with system privilege.
- Policy
- Display information on administrators with policy privilege.
- STorage
- Display information on administrators with storage privilege.
- Operator
- Display information on administrators with operator privilege.
- Node
- Display information on users with client node privilege.
- Format
- Specifies how the information is displayed. This parameter is
optional. The default value is STANDARD. Possible values are:
- Standard
- Specifies that partial information is displayed for the specified administrators.
- Detailed
- Specifies that complete information is displayed for the specified administrators.
- Authentication
- Specifies the password authentication method for the administrator.
- LOcal
- Display those administrators authenticating to the IBM Spectrum Protect™ server.
- LDap
- Display those administrators authenticating to an LDAP directory server. The administrator password is case-sensitive.
- ALert
- Specifies whether alerts are sent to an administrators email address.
- Yes
- Specifies that alerts are sent to the specified administrators email address.
- No
- Specifies that alerts are not sent to the specified administrators email address. This is the default value.
Tip: Alert monitoring must be enabled, and email settings must be correctly defined to successfully receive alerts by email. To view the current settings, issue the QUERY MONITORSETTINGS command.
Example: Display information about all administrators
Display partial information on all administrators. Issue the command:query admin
Administrator Days Since Days Since Locked? Privilege Classes
Name Last Access Password
Set
------------- ----------- ---------- --------- ------------------
ADMIN <1 <1 No System
SERVER_CONSOLE No System
See Field descriptions for field descriptions.Example: Display complete information about one administrator
From
a managed server, display complete information for the administrator
named ADMIN. Issue the command:
query admin admin format=detailed
Administrator Name: ADMIN
Last Access Date/Time: 1998.06.04 17.10.52
Days Since Last Access: <1
Password Set Date/Time: 1998.06.04 17.10.52
Days Since Password Set: 26
Invalid Sign-on Count: 0
Locked?: No
Contact:
System Privilege: Yes
Policy Privilege: **Included with system privilege**
Storage Privilege: **Included with system privilege**
Operator Privilege: **Included with system privilege**
Client Access Privilege: **Included with system privilege**
Client Owner Privilege: **Included with system privilege**
Registration Date/Time: 05/09/1998 23:54:20
Registering Administrator: SERVER_CONSOLE
Managing profile:
Password Expiration Period: 90 Day (s)
Email Address:
Email Aerts: Yes
Authentication: Local
SSL Required: No
See Field descriptions for field descriptions.Field descriptions
- Administrator Name
- Specifies the name of the administrator.
- Last Access Date/Time
- Specifies the date and time that the administrator last accessed the server.
- Days Since Last Access
- Specifies the number of days since the administrator last accessed the server.
- Password Set Date/Time
- Specifies the date and time that the administrator’s password was defined or most recently updated.
- Days Since Password Set
- Specifies the number of days since the administrator’s password was defined or most recently updated.
- Invalid Sign-on Count
- Specifies the number of invalid sign-on attempts that have been made since the last successful sign-on. This count can only be non-zero when an invalid password limit (SET INVALIDPWLIMIT) is greater than zero. When the number of invalid attempts equals the limit set by the SET INVALIDPWLIMIT command, the administrator is locked out of the system.
- Locked?
- Specifies whether the administrator is locked out of the system.
- Contact
- Specifies any contact information for the administrator.
- System Privilege
- Specifies whether the administrator has been granted system privilege.
- Policy Privilege
- Specifies whether the administrator has been granted unrestricted policy privilege or the names of any policy domains that the restricted policy administrator can manage.
- Storage Privilege
- Specifies whether the administrator has been granted unrestricted storage privilege or the names of any storage pools that the restricted storage administrator can manage.
- Operator Privilege
- Specifies whether the administrator has been granted operator privilege.
- Client Access Privilege
- Specifies that client access authority has been granted to a user with node privilege.
- Client Owner Privilege
- Specifies that client owner authority has been granted to a user with node privilege.
- Registration Date/Time
- Specifies the date and time that the administrator was registered.
- Registering Administrator
- Specifies the name of the administrator who registered the administrator. If this field contains $$CONFIG_MANAGER$$, the administrator is associated with a profile that is managed by the configuration manager.
- Managing Profile
- Specifies the profiles to which the managed server subscribed to get the definition of this administrator.
- Password Expiration Period
- Specifies the administrator's password expiration period.
- Email Address
- Specifies the email address for the administrator.
- Email Alerts
- Specifies whether alerts are sent to the specified administrator by email.
- Authentication
- Specifies the password authentication method: LOCAL, LDAP, or
LDAP (pending).
Authentication Target Authentication Method IBM Spectrum Protect server LOCAL LDAP directory server LDAP This administrator is configured to authenticate with an LDAP directory server, but the administrator did not yet authenticate through a client node. LDAP (pending) - SSL Required
- Specifies if the security setting for the administrator user ID requires Secure Sockets Layer (SSL). Values can be YES, NO, or Default. You must have system level authority to update the administrator SSLREQUIRED setting.
Related commands
Command | Description |
---|---|
GRANT AUTHORITY | Assigns privilege classes to an administrator. |
QUERY NODE | Displays partial or complete information about one or more clients. |
QUERY STATUS | Displays the settings of server parameters, such as those selected by the SET commands. |
REGISTER ADMIN | Defines a new administrator without granting administrative authority. |
REMOVE ADMIN | Removes an administrator from the list of registered administrators. |
RENAME ADMIN | Changes an IBM Spectrum Protect administrator’s name. |
RESET PASSEXP | Resets the password expiration for nodes or administrators. |
REVOKE AUTHORITY | Revokes one or more privilege classes or restricts access to policy domains and storage pools. |
SET INVALIDPWLIMIT | Sets the number of invalid logon attempts before a node is locked. |
SET MINPWLENGTH | Sets the minimum length for client passwords. |
SET PASSEXP | Specifies the number of days after which a password is expired and must be changed. |