[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: snmpconf General Functional Questions

on 07/06/2000 2:25 PM, Steve Waldbusser at waldbusser@nextbeacon.com wrote:

> Sometimes the architect and the tech mean different things. Sometimes the
> architect is wrong and sometimes the tech is wrong. We can't assume that
> either is always right. The middle ground is to require that the tech take
> special action for those things under policy control - to acknowledge that
> what they are about to do is a conscious decision to violate the policy.
> No more unreasonable than "Delete all files. Are you sure?"

My experience suggests that the concern that people have about inconsistent
policies that Steve is concerned with is valid. That does not outweigh the
valid concern that people have that they are able to make modifications to
'standard' policies for any reason any of us can think of and probably more
that we can not think of.

If a particular environment does not want to allow these modifications then
we have the mechanisms in the infrastructure to let the people who deploy
the system decide who can change what where.

I believe we must support the ability for users who have been authorized
(regardless of job title) to modify elements that are under policy control
and for the policy system to reflect this state. Lets put the modified(3)
value in.