QUERY ADMIN (Display administrator information)

Use this command to display information about one or more administrators.

Privilege class

Any administrator can issue this command.

Syntax

Read syntax diagramSkip visual syntax diagram
                .-*----------.   
>>-Query ADmin--+------------+---------------------------------->
                '-admin_name-'   

>--+------------------------------+----------------------------->
   |             .-,------------. |   
   |             V              | |   
   '-CLasses--=----+-SYstem---+-+-'   
                   +-Policy---+       
                   +-STorage--+       
                   +-Operator-+       
                   '-Node-----'       

   .-Format--=--Standard-----.   
>--+-------------------------+---------------------------------->
   '-Format--=--+-Standard-+-'   
                '-Detailed-'     

>--+------------------------------+--+--------------------+----><
   '-AUTHentication--=--+-LOcal-+-'  '-ALerts--=--+-Yes-+-'   
                        '-LDap--'                 '-No--'     

Parameters

admin_name
Specifies the name of the administrator for which you want to display information. This parameter is optional. You can use wildcard characters to specify this name. If you do not specify a value for this parameter, all administrators are displayed.
CLasses
Specifies that you want to restrict output to those administrators that have privilege classes that you specify. This parameter is optional. You can specify multiple privilege classes in a list by separating the names with commas and no intervening spaces. If you do not specify a value for this parameter, information about all administrators is displayed, regardless of privilege class. Possible values are:
SYstem
Display information on administrators with system privilege.
Policy
Display information on administrators with policy privilege.
STorage
Display information on administrators with storage privilege.
Operator
Display information on administrators with operator privilege.
Node
Display information on users with client node privilege.
Format
Specifies how the information is displayed. This parameter is optional. The default value is STANDARD. Possible values are:
Standard
Specifies that partial information is displayed for the specified administrators.
Detailed
Specifies that complete information is displayed for the specified administrators.
Authentication
Specifies the password authentication method for the administrator.
LOcal
Display those administrators authenticating to the IBM® Tivoli® Storage Manager server.
LDap
Display those administrators authenticating to an LDAP directory server. The administrator password is case-sensitive.
ALert
Specifies whether alerts are sent to an administrators email address.
Yes
Specifies that alerts are sent to the specified administrators email address.
No
Specifies that alerts are not sent to the specified administrators email address. This is the default value.
Tip: Alert monitoring must be enabled, and email settings must be correctly defined to successfully receive alerts by email. To view the current settings, issue the QUERY MONITORSETTINGS command.

Example: Display information about all administrators

Display partial information on all administrators. Issue the command:
query admin
Administrator   Days Since  Days Since   Locked?   Privilege Classes
Name           Last Access    Password
                                   Set
-------------  -----------  ----------  ---------  ------------------
ADMIN                   <1          <1      No     System
SERVER_CONSOLE                              No     System
See Field descriptions for field descriptions.

Example: Display complete information about one administrator

From a managed server, display complete information for the administrator named ADMIN. Issue the command:
query admin admin format=detailed
        Administrator Name: ADMIN
     Last Access Date/Time: 1998.06.04 17.10.52
    Days Since Last Access: <1
    Password Set Date/Time: 1998.06.04 17.10.52
   Days Since Password Set: 26
     Invalid Sign-on Count: 0
                   Locked?: No
                   Contact:
          System Privilege: Yes
          Policy Privilege: **Included with system privilege**
         Storage Privilege: **Included with system privilege**
        Operator Privilege: **Included with system privilege**
   Client Access Privilege: **Included with system privilege**
    Client Owner Privilege: **Included with system privilege**
    Registration Date/Time: 05/09/1998 23:54:20
 Registering Administrator: SERVER_CONSOLE
          Managing profile:
Password Expiration Period: 90 Day (s)
             Email Address:
               Email Aerts: Yes
            Authentication: Local
              SSL Required: No
See Field descriptions for field descriptions.

Field descriptions

Administrator Name
Specifies the name of the administrator.
Last Access Date/Time
Specifies the date and time that the administrator last accessed the server.
Days Since Last Access
Specifies the number of days since the administrator last accessed the server.
Password Set Date/Time
Specifies the date and time that the administrator’s password was defined or most recently updated.
Days Since Password Set
Specifies the number of days since the administrator’s password was defined or most recently updated.
Invalid Sign-on Count
Specifies the number of invalid sign-on attempts that have been made since the last successful sign-on. This count can only be non-zero when an invalid password limit (SET INVALIDPWLIMIT) is greater than zero. When the number of invalid attempts equals the limit set by the SET INVALIDPWLIMIT command, the administrator is locked out of the system.
Locked?
Specifies whether the administrator is locked out of the system.
Contact
Specifies any contact information for the administrator.
System Privilege
Specifies whether the administrator has been granted system privilege.
Policy Privilege
Specifies whether the administrator has been granted unrestricted policy privilege or the names of any policy domains that the restricted policy administrator can manage.
Storage Privilege
Specifies whether the administrator has been granted unrestricted storage privilege or the names of any storage pools that the restricted storage administrator can manage.
Operator Privilege
Specifies whether the administrator has been granted operator privilege.
Client Access Privilege
Specifies that client access authority has been granted to a user with node privilege.
Client Owner Privilege
Specifies that client owner authority has been granted to a user with node privilege.
Registration Date/Time
Specifies the date and time that the administrator was registered.
Registering Administrator
Specifies the name of the administrator who registered the administrator. If this field contains $$CONFIG_MANAGER$$, the administrator is associated with a profile that is managed by the configuration manager.
Managing Profile
Specifies the profiles to which the managed server subscribed to get the definition of this administrator.
Password Expiration Period
Specifies the administrator's password expiration period.
Email Address
Specifies the email address for the administrator.
Email Alerts
Specifies whether alerts are sent to the specified administrator by email.
Authentication
Specifies the password authentication method: LOCAL, LDAP, or LDAP (pending).
Authentication Target Authentication Method
Tivoli Storage Manager server LOCAL
LDAP directory server LDAP
This administrator is configured to authenticate with an LDAP directory server, but the administrator did not yet authenticate through a client node. LDAP (pending)
SSL Required
Specifies if the security setting for the administrator user ID requires Secure Sockets Layer (SSL). Values can be YES, NO, or Default. You must have system level authority to update the administrator SSLREQUIRED setting.

Related commands

Table 1. Commands related to QUERY ADMIN
Command Description
GRANT AUTHORITY Assigns privilege classes to an administrator.
QUERY NODE Displays partial or complete information about one or more clients.
QUERY STATUS Displays the settings of server parameters, such as those selected by the SET commands.
REGISTER ADMIN Defines a new administrator without granting administrative authority.
REMOVE ADMIN Removes an administrator from the list of registered administrators.
RENAME ADMIN Changes a Tivoli Storage Manager administrator’s name.
RESET PASSEXP Resets the password expiration for nodes or administrators.
REVOKE AUTHORITY Revokes one or more privilege classes or restricts access to policy domains and storage pools.
SET INVALIDPWLIMIT Sets the number of invalid logon attempts before a node is locked.
SET MINPWLENGTH Sets the minimum length for client passwords.
SET PASSEXP Specifies the number of days after which a password is expired and must be changed.