Enable Retention Lock Governance for Security Officer authorization
As a best practice, enable Retention Lock Governance mode for deployments that do not support Retention Lock Compliance mode or if you do not have a license for Retention Lock Compliance.
About this task
If you initially configure or update to a
DD system that is running DD OS 7.8 or DD OS 7.9 that does not support Retention Lock Compliance (that is, Data Domain Virtual Edition), it is recommended that you enable security authorization with Retention Lock Governance. After you enable security authorization, reverting locks on files requires dual-authentication. This dual-authentication adds an extra layer of protection.
Steps
Log in to the
DD system as sysadmin.
Type the following command:
sysadmin@hostname# system retention-lock governance security-auth enable
When prompted, enter the sysadmin password, Security Officer credentials, and verify that you want to enable Retention Lock Governance:
Please enter sysadmin password to confirm 'system retention-lock governance security-auth enable | disable':
This command requires authorization by a user having a 'security' role.
Please present credentials for such a user below.
Username: ddso
Password:
Do you want to enable Security Officer authorization for retention-lock governance? (yes|no) [no]: yes
Security Officer authorization is enabled for Retention Lock Governance.
Verify that security authorization is enabled with Retention Lock Governance:
sysadmin@hostname# system retention-lock governance security-auth status
Results
The Security Officer authorization is enabled on the system for Retention Lock Governance.
Data is not available for the Topic
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\