MOMI has the ability to limit the screens and features available to users of the PC Client. Virtually every screen (with some exceptions) may be turned on/off. Client Access configuration is optional but provided to allow system administrators to tailor MOMI more closely to their specific needs.
Users are identified to MOMI using the standard Guardian User Id or Safeguard Alias.
Client Access is configured and enabled after MOMI is installed and operational. Configuration information is stored on the Tandem Server in the file CNF01DB.
This section describes Client Access and gives examples of turning Client Access on and configuring.
Client Access is not the access security granted to users accessing the Nonstop system. All sensitive commands, regardless of Client Access settings, require logon security as discussed in Security Logon / Logoff.
The user that starts MOMI on the Nonstop server is considered the Default Security User. This user is allowed to activate Client Access, configure global Client Access settings, define new users and grant the Security User right to others.
Once additional users are defined on the system and at least one is configured as a Security User, it is generally no longer necessary to use the Default Security User. Some operations, such as disabling Client Access, may only be performed by the Default Security User.
The default may be overridden with the CONFMOMI keyword DEFAULT-SECURITY-USER,
When MOMI is started for the first time and creates its configuration file CNF01DB, Client Access is turned off. All MOMI PC Client screens are displayed to any user that starts the MOMI PC Client. Some functions, such as Alarm configuration and operation may only be performed by the user that starts the MOMI server.
In this point, the user that starts the MOMI server is the only user with full control and full access over the MOMI environment.
The Default Security User logs on to the MOMI PC Client and navigates to the screen Configure / Client Access / Global Settings. Check the box to enable Client Access and then press the button "Change Global Client Access Settings".
Once Client Access is enabled, no other user is allowed to logon to the MOMI PC Client until they are defined to Client Access.
Two user are automatically created within Client access to support predefined functions.
"NOT LOGGED ON" determines what screens/function the MOMI PC Client are available when no logon has been performed. This is the state of the MOMI PC Client just after it is started or after a user logs off.
"USER NOT DEFINED" is a default or what is used in the event that the User ID used at logon time is not found in the Client Access database. This user is not enabled by default. This user provides the means to define a minimum or default level of operation for any user that can logon to the host or where it is not necessary to define each user on the system.
When the MOMI PC Client is first started, the predefined user "NOT LOGGED ON" is initially used to determine what screens and functions are available. When a user logs on, the Client Access database is searched in the following order:
1) an exact match to the User ID
2) match User ID by wild card
3) use USER NOT DEFINED if enabled
An exact match to the User ID entered against a User ID defined in the Client Access database always takes precedence. Next, the Client Access database is searched again but logic is enable to allow the first match with an entry containing a wild card. Lastly, the predefined user "USER NOT DEFINED" is chosen if enabled.
Wild-card support, such as ADMIN.*, is available in the MOMI PC Client 4.05 and later.
The following examples (denoted by a Æ) describe the sequence of steps necessary to perform certain activities. With the exception of the first two examples, which assume an initial configuration, all other steps assume that Client Access is enabled.
Æ The MOMI server is initially started
Results
Any user may logon
Only the Default Security User may add/delete/operate an Alarm
Only the Default Security User may enable Client Access checking
Æ Enable Client Access checking
Log on to Client as User that started the MOMI server on Tandem
Go to the screen Configure/Client Access/Global Settings
Check "Enable Client Access Checking on this System"
Click the button "Change Global Client Access Settings"
Results
Only the Default Security User may logon
The profile "NOT LOGGED ON" determines all other user access
Æ Set profile for "NOT LOGGED ON"
Log on to Client as User that started the MOMI server on Tandem
Go to the screen Configure/Client Access/Define
Select User ID (in the upper left hand corner of the screen)
In the drop-down box pick "NOT LOGGED ON"
Configure as desired
Save settings by clicking button "Change User"
Results
Users not logged on have settings as configured
Æ Add an individual User ID
Log on to Client as User that started the MOMI server on Tandem
Go to the screen Configure/Client Access/Define
Select User ID (in the upper left hand corner of the screen)
Enter User ID and Description
Don't enter or select a "Member of Group"
Configure as desired
Save settings by clicking button "Save New User"
Results
User ID may logon to MOMI
User ID when logged on has settings as configured
Æ Add a Group ID
Log on to Client as User that started the MOMI server on Tandem
Go to the screen Configure/Client Access/Define
Select Group ID (in the upper left hand corner of the screen)
Enter Group ID and Description
Configure as desired
Save settings by clicking button "Save New Group"
Results
A new Group ID is now available
Æ Add an User ID to a group
Log on to Client as User that started the MOMI server on Tandem
Go to the screen Configure/Client Access/Define
Select User ID (in the upper left hand corner of the screen)
Enter User ID and Description
Select in the drop-down box "Member of Group"
Save settings by clicking button "Save New User"
Results
A new User ID that is a member of a group is now available
Æ Limit AutoUpdate time
Log on to Client as User that started the MOMI server on Tandem
Go to the screen Configure/Client Access/Global Settings
Check box and "Set AutoUpdate Limit to" value
Save settings by clicking button "Change Global Client Access Settings"
Results
AutoUpdate is limited by default for all users. This may be overridden on an individual or group basis.
Æ Restore the default state of Client Access and Disable (use only if you really mess up)
Log on to Client as User that started the MOMI server on Tandem
Go to the screen Configure/Client Access/Global Settings
Press button "Delete All Client Access Records"
Press confirmation button
Results
Client Access disabled. Default functionality restored.
Æ Disable Client Access Checking
Log on to Client as User that started the MOMI server on Tandem
Go to the screen Configure/Client Access/Global Settings
Uncheck box "Enable Client Access Checking on this System"
Save settings by clicking button "Change Global Client Access Settings"
Results
Client Access disabled. Default functionality restored.
User profiles are still present.