Command Approvals

Configure the command-approvals feature on the server, and view information about the commands that were held for command approval.

The command-approvals feature is a safeguard that prevents certain commands from running until they are approved by another administrator. The commands that require approval are called restricted commands. The set of restricted commands is predefined and non-configurable. The restricted commands were chosen because they are powerful, often destructive commands that can have unintended consequences. Unintended consequences from using the restricted commands might result from inexperience with IBM Spectrum Protect or unfamiliarity with your organization's storage configuration or policies.

When the command-approvals feature is enabled, administrators who are not approvers can issue restricted commands, but the commands do not run unless they are approved. In this way, the command approvals feature enforces an oversight process, which can help prevent an administrator from running a command that might have unintended consequences.

You configure command approvals by designating the approval administrators and by specifying whether approval administrators are exempt from command approvals. An approval administrator can approve or reject pending commands. If approval administrators are exempt from command approvals, restricted commands that are issued by approval administrators can run unimpeded. Specifying that approval administrators are not exempt enforces a peer-review process for all administrators.

Any number of administrators can be designated as approval administrators. You should designate enough approval administrators so that pending commands can be approved or rejected in a timely manner. Pending commands that are not approved within 72 hours are automatically rejected.

An approval administrator's privilege classes are irrelevant. The administrator who issues a restricted command must be authorized to run the command, but the approval administrator does not require the same level of authorization.

The command-approvals feature is not a security mechanism, and relies on the cooperation of all participants. Privilege classes remain the security mechanism by which you grant individual administrators access to some or all commands. To prevent administrators from accessing commands that are outside their job responsibilities, assign them only to the privilege classes that they require.

To view the commands that are still pending approval, click the Pending tab. To view the commands that were approved or rejected, click the History tab.
Pending tab
The Pending tab shows all of the commands that are pending approval. For each pending command, you can view the full command that was issued, and information such as the administrator who issued the command and when the command was issued.
If you are an approval administrator, the following actions are available for each command:
Approve
Use this action if you are satisfied that the pending command is correct and it is safe to run the command. When you click Approve, the command runs and its output is displayed.
Reject
Use this action if you determine that the pending command can have an unwanted result. When you click Reject, you are prompted for the reason why you are rejecting the command. Later, the administrator who issued the command can view the reason why the command was rejected on the History tab.
If you are the administrator who issued the command, the following action is available for the command:
Withdraw
Use this action if you decide to not run the command. When you click Withdraw, the command is no longer subject to approval, and does not run.
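The rules described above (who is held for approval, who can approve, reject, or withdraw, and the 72-hour limit) can be checked against a small model. The following Python sketch is an added example, not IBM Spectrum Protect code; the names Config, Held, submit, and resolve and the status strings are hypothetical. It assumes that the command is a restricted command and that the issuing administrator's privilege class already authorizes it.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

EXPIRY = timedelta(hours=72)  # pending commands not approved within 72 hours are rejected

@dataclass
class Config:                 # hypothetical container for the feature settings
    enabled: bool
    approvers: frozenset      # administrators designated as approval administrators
    approvers_exempt: bool    # True: approvers' own restricted commands run unimpeded

@dataclass
class Held:                   # one row of the Pending tab (status labels are constructed)
    command: str
    submitted_by: str
    submitted: datetime
    status: str = "PENDING"
    approver: Optional[str] = None
    reason: Optional[str] = None

def submit(cfg, admin, command, now):
    """Return None if the command runs immediately, else the held command."""
    if not cfg.enabled or (admin in cfg.approvers and cfg.approvers_exempt):
        return None
    return Held(command, admin, now)

def resolve(cfg, held, actor, action, now, reason=None):
    """Apply approve, reject, or withdraw and return the resulting status."""
    if held.status != "PENDING":
        raise ValueError("command is already " + held.status)
    if now - held.submitted > EXPIRY:
        held.status = "REJECTED"          # automatic rejection after 72 hours
        return held.status
    if action == "withdraw":
        if actor != held.submitted_by:
            raise PermissionError("only the issuing administrator can withdraw")
        held.status = "WITHDRAWN"         # no longer subject to approval, never runs
    elif action in ("approve", "reject"):
        # The approver's privilege class is irrelevant; only the designation counts.
        # The page does not say whether an approver may resolve a command that the
        # same approver issued, so this sketch does not restrict it.
        if actor not in cfg.approvers:
            raise PermissionError("only an approval administrator can approve or reject")
        if action == "reject" and not reason:
            raise ValueError("a rejection requires a reason")
        held.status = "APPROVED" if action == "approve" else "REJECTED"
        held.approver, held.reason = actor, reason
    else:
        raise ValueError("unknown action " + action)
    return held.status
```
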
History tab
To view the commands that were approved or rejected, click the History tab. On the History tab, the following information is available for each command:
Status
Specifies whether the command was approved or rejected. Approved commands were allowed to run on the server. Rejected commands did not run on the server.
Approver
The approval administrator who approved or rejected the command.
Resolution Date
The date and time when the command was approved or rejected. If the command was approved, this is the date and time when the command ran on the server.
Command
The full command that was submitted for approval.
Reason
If the approval administrator rejected the command, the reason the approval administrator specified for rejecting the command.
Submitted By
The administrator who issued the command that was held for approval.
Date Submitted
The date the command was issued and held for approval.
Activity Log
If the command was approved and allowed to run on the server, use the activity log to view the command results. Select the command entry in the table and review server messages that were logged around the time that the command was approved.