REGISTER ADMIN (Register an administrator ID)

Use this command to add an administrator ID to the server. After registration, the administrator ID can issue a limited set of commands, including all query commands. To provide additional privileges, use the GRANT AUTHORITY command.

Privilege class

To issue this command, you must have system privilege.

Remember: When you register an administrator with the same name as an existing node, be aware of the administrator authentication method and the SSLREQUIRED setting. Any node that has the same name as the administrator that is being registered inherits those settings.

Syntax

Read syntax diagramSkip visual syntax diagram
                              (1)             
>>-REGister Admin--admin_name------password--------------------->

>--+------------------------+--+------------------+------------->
   |  (2)                   |  '-CONtact--=--text-'   
   '-------PASSExp--=--days-'                         

   .-FORCEPwreset--=--No------.   
>--+--------------------------+--------------------------------->
   '-FORCEPwreset--=--+-No--+-'   
                      '-Yes-'     

>--+------------------------------+----------------------------->
   '-EMAILADdress--=--userID@node-'   

      (3)                               
   .-------AUTHentication--=--LOcal-.   
>--+--------------------------------+--------------------------->
   '-AUTHentication--=--+-LOcal-+---'   
                        '-LDap--'       

   .-SSLrequired--=--DEFault-----.  .-ALert--=--No------.   
>--+-----------------------------+--+-------------------+------><
   '-SSLrequired--=--+-Yes-----+-'  '-ALert--=--+-Yes-+-'   
                     +-No------+                '-No--'     
                     '-DEFault-'                            

Notes:
  1. A password is not required if you register an administrator and select AUTHENTICATION=LDAP. At logon, you are prompted for a password.
  2. The PASSEXP command does not apply to administrators who authenticate to an LDAP directory server.
  3. The default value can change if you issued the SET DEFAULTAUTHENTICATION command and specified LDAP.

Parameters

admin_name (Required)
Specifies the name of the administrator to be registered. The maximum length of the name is 64 characters.

You cannot specify an administrator name of NONE.

password (Required)
Specifies the password of the administrator to be registered. The maximum length of the password is 64 characters. The password is not case-sensitive if authentication is with the Tivoli® Storage Manager server. Passwords that authenticate with an LDAP directory server are case-sensitive. See Naming Tivoli Storage Manager objects for the characters that are available for specifying a password.
Tip: A password is not required if you register an administrator and select AUTHENTICATION=LDAP. At logon, you are prompted for a password.
PASSExp
Specifies the number of days the password remains valid. You can set the password expiration period from 0 to 9999 days. A value of 0 means that the password never expires. This parameter is optional. If you do not specify this parameter, the password is set with the global expiration period of 90 days. This parameter does not affect passwords that authenticate with an LDAP directory server.
CONtact
Specifies information identifying the administrator being registered. This parameter is optional. The maximum length of this string is 255 characters. The contact information must be enclosed in quotation marks if it contains any blanks.
FORCEPwreset
Specifies whether the administrator is required to change or reset the password. This parameter is optional. The default value is NO. Possible values are:
No
Specifies that the administrator does not need to change or reset the password while attempting to sign on to the server.
Yes
Specifies that the administrator's password expires at the next sign-on. The client or administrator must change or reset the password then. If a password is not specified, you receive an error message.
EMAILADdress
Specifies the email address for this administrator.
AUTHentication
This parameter specifies the authentication method for the administrator user ID. Specify one of the following values: LDAP or LOCAL. The parameter is optional and defaults to LOCAL. The default can change to LDAP if you use the SET DEFAULTAUTHENTICATION command and specify LDAP.
LOcal
Specifies that the local Tivoli Storage Manager server database is used.
LDap
Specifies that the administrator user ID authenticates passwords with an LDAP directory server. Passwords that authenticate with an LDAP directory server are case-sensitive.
Tip: A password is not required if you register an administrator and select AUTHENTICATION=LDAP. At logon, you are prompted for a password.
SSLrequired
Specifies whether the administrator user ID must use Secure Sockets Layer (SSL) to communicate between the Tivoli Storage Manager server and the backup-archive client. When you authenticate passwords with an LDAP directory server, you must protect the sessions by using SSL or another network security method.
Yes
Specifies that SSL is required.
No
Specifies that SSL is not required.
DEFault
Specifies that SSL is required for an administrator if the password that is associated with its user ID authenticates with an LDAP directory server. SSL is not required for an administrator ID that authenticates its password with the Tivoli Storage Manager server (LOCAL).
ALert
Specifies whether alerts are sent to an administrators email address.
Yes
Specifies that alerts are sent to the specified administrators email address.
No
Specifies that alerts are not sent to the specified administrators email address. This is the default value.
Tip: Alert monitoring must be enabled, and email settings must be correctly defined to successfully receive alerts by email. To view the current settings, issue the QUERY MONITORSETTINGS command.

Example: Register an administrator ID

Define an administrator, LARRY, with the password PASSONE. You can identify LARRY as second-shift personnel by specifying this information with the CONTACT parameter. Issue the command:
register admin larry passone contact='second shift'

Example: Register an administrator ID and set the authentication method

Define an administrator ID for Harry, use the password Pa$#$twO. Using the ID and password, Harry can authenticate to the LDAP directory server. Issue the command:
register admin Harry Pa$#$twO authentication=ldap
If the password specified does not adhere to LDAP password standards, the administrator is registered, and at log-in a new password must be entered.

Related commands

Table 1. Commands related to REGISTER ADMIN
Command Description
GRANT AUTHORITY Assigns privilege classes to an administrator.
LOCK ADMIN Prevents an administrator from accessing Tivoli Storage Manager.
QUERY ADMIN Displays information about one or more Tivoli Storage Manager administrators.
QUERY MONITORSETTINGS (Query the configuration settings for monitoring alerts and server status) Displays information about monitoring alerts and server status settings.
REGISTER NODE Defines a client node to the server and sets options for that user.
REMOVE ADMIN Removes an administrator from the list of registered administrators.
RENAME ADMIN Changes a Tivoli Storage Manager administrator’s name.
SET DEFAULTAUTHENTICATION Specifies the default password authentication method for any REGISTER NODE or REGISTER ADMIN commands.
SET PASSEXP Specifies the number of days after which a password is expired and must be changed.
UNLOCK ADMIN Enables a locked administrator to access Tivoli Storage Manager.
UPDATE ADMIN Changes the password or contact information associated with any administrator.
UPDATE NODE Changes the attributes associated with a client node.