Tivoli Storage Manager currently prevents the modification of data under Tivoli Storage Manager control and the
deletion of archive objects by unauthorized agents, such as an individual
or a program. This protection extends to preventing the deletion of
data by any agent before the expiration of the retention period.
About this task
Protecting archive retention helps to ensure that no
individual or program can maliciously or accidentally delete data
that is under
Tivoli Storage Manager control. An archive object that is sent to an archive retention
protection server is protected from accidental deletes and has an
enforced retention period. Archive retention protection has the following
restrictions:
- Only archive operations are allowed on a retention protection
server.
- Any object that is not bound explicitly to a management class
through a value in the dsmBindMc function call
or through include-exclude statements is bound to the explicit name
of the default management class. For example, if the default management
class in the node policy is MC1, the object is bound explicitly to
MC1 rather than to DEFAULT. On a query response, the object displays
as bound to MC1.
- After you enable archive data retention protection, any attempt
to delete an object before the retention period expires returns the
code DSM_RC_ABORT_DELETE_NOT_ALLOWED on the end transaction.
See the appropriate
Tivoli Storage Manager server Administrator's
Reference for setting retention protection for an archive object.
Procedure
To set up archive data retention protection, complete
the following steps:
- On a new server installation with no previous data, run
the SET ARCHIVERETENTIONPROTECTION ON command.
- In the API option string on the dsmInit or dsmInitEx function calls, enter the following
instruction:
-ENABLEARCHIVERETENTIONPROTECTION=yes
You can also set the enablearchiveretentionprotection option in your dsm.opt file on
systems other than UNIX, or in your dsm.sys file
on UNIX systems: SERVERNAME srvr1.ret
TCPPORT 1500
TCPSERVERADDRESS node.domain.company.com
COMMMETHOD TCPIP
ENABLEARCHIVERETENTIONPROTECTION YES
For more information
about this option, see The enablearchiveretentionprotection option.
- Issue a query to the server to confirm that the Tivoli Storage Manager server is enabled
for archive retention protection. Check the value of the archiveRetentionProtection field in the dsmQuerySessInfo structure.