MOMI has the ability to limit the screens and features available to users of the PC Client. Virtually every screen (with some exceptions) may be turned on/off. Client Access configuration is optional but provided to allow system administrators to tailor MOMI more closely to their specific needs.
Users are identified to MOMI using the standard Guardian User Id or Safeguard Alias. Client Access relies on host to perform authentication (in other words MOMI does not maintain a database of User Id's and passwords).
Client Access is configured and enabled after MOMI is installed and operational. Configuration information is stored on the Tandem Server in the file CNF01DB.
This section describes Client Access and gives examples of turning Client Access on and configuring.
Client Access is not the security granted to users accessing the Nonstop system. All sensitive commands, regardless of Client Access settings, require logon security as discussed in Security Logon / Logoff.
The user that starts MOMI on the Nonstop server is considered the Default Security User. This user is allowed to activate Client Access, configure global Client Access settings, define new users and grant the Security User right to others.
Once additional users are defined on the system and at least one is configured as a Security User, it is generally no longer necessary to use the Default Security User. Some operations, such as disabling Client Access, may only be performed by the Default Security User.
The default may be overridden with the CONFMOMI keyword DEFAULT-SECURITY-USER,
When MOMI is started for the first time and creates its configuration file CNF01DB, Client Access is turned off. All MOMI PC Client screens are displayed to any user that starts the MOMI PC Client. Some functions, such as Alarm configuration and operation may only be performed by the user that starts the MOMI server.
In this point, the user that starts the MOMI server is the only user with full control and full access over the MOMI environment.
The Default Security User logs on to the MOMI PC Client and navigates to the screen Configure / Client Access / Global Settings. Check the box to enable Client Access and then press the button "Change Global Client Access Settings".
Two user are automatically created within Client Access and are used to determine available screens/function when 1) the client is not logged on and 2) the client has logged on their User Id is not defined within MOMI.
"NOT LOGGED ON" determines what screens/function the MOMI PC Client are available prior to a logon or when a Logoff is performed.
"USER NOT DEFINED" determines what screens/function the MOMI PC Client are available in the event that the User ID is not found in the Client Access database. This user provides the means to define the default operation for any user that can logon to the host.
When the MOMI PC Client is first started, the predefined user "NOT LOGGED ON" determines what screens/function are available. When a user logs on, the Client Access database is searched in the following order:
1) an exact match to the User ID
2) match User ID by wild card
3) use USER NOT DEFINED if enabled
An exact match to the User ID entered against a User ID defined in the Client Access database always takes precedence. Next, the Client Access database is searched again but logic is enable to allow the first match with an entry containing a wild card. Lastly, the predefined user "USER NOT DEFINED" is chosen if enabled.
Wild-card support, such as ADMIN.*, is available in the MOMI PC Client 4.05 and later.
The following examples (denoted by a Æ) describe the sequence of steps necessary to perform certain activities. With the exception of the first two examples, which assume an initial configuration, all other steps assume that Client Access is enabled.
Æ The MOMI server is initially started
Results
All screens within MOMI are available to all users
Only the Default Security User may add/delete/operate an Alarm
Only the Default Security User may enable Client Access checking
Æ Enable Client Access checking
Log on to Client as User that started the MOMI server on Tandem
Go to the screen Configure/Client Access/Global Settings
Check "Enable Client Access Checking on this System"
Click the button "Change Global Client Access Settings"
Results
Only the Default Security User may add/delete/operate an Alarm
Only the Default Security User may disable Client Access checking
The profile "NOT LOGGED ON" determines logged off access
The profile "USER NOT DEFINED" determines logged on access
Æ Change profile for "NOT LOGGED ON"
Log on to Client as User that started the MOMI server on Tandem
Go to the screen Configure/Client Access/Define
Select User ID (in the upper left hand corner of the screen)
In the drop-down box pick "NOT LOGGED ON"
Configure as desired
Save settings by clicking button "Change User"
Results
Users not logged on have settings as configured
Æ Change profile for "USER NOT DEFINED"
Log on to Client as User that started the MOMI server on Tandem
Go to the screen Configure/Client Access/Define
Select User ID (in the upper left hand corner of the screen)
In the drop-down box pick "USER NOT DEFINED"
Configure as desired
Save settings by clicking button "Change User"
Results
Users logged on but not otherwise defined to MOMI have settings as configured
Æ Add an individual User ID
Log on to Client as User that started the MOMI server on Tandem
Go to the screen Configure/Client Access/Define
Select User ID (in the upper left hand corner of the screen)
Enter User ID and Description
Don't enter or select a "Member of Group"
Configure as desired
Save settings by clicking button "Save New User"
Results
User ID when logged on has settings as configured
Æ Add a Group ID
Log on to Client as User that started the MOMI server on Tandem
Go to the screen Configure/Client Access/Define
Select Group ID (in the upper left hand corner of the screen)
Enter Group ID and Description
Configure as desired
Save settings by clicking button "Save New Group"
Results
A new Group ID is now available
Æ Add an User ID to a group
Log on to Client as User that started the MOMI server on Tandem
Go to the screen Configure/Client Access/Define
Select User ID (in the upper left hand corner of the screen)
Enter User ID and Description
Select in the drop-down box "Member of Group"
Save settings by clicking button "Save New User"
Results
A new User ID that is a member of a group is now available
Æ Allow a user to add/delete/operate an Alarm (assumes the user was already added)
Log on to Client as User that started the MOMI server on Tandem
Go to the screen Configure/Client Access/Define
Select User ID (in the upper left hand corner of the screen)
Enable settings under History/Alarms to Create/Update Alarms
Save settings by clicking button "Change User"
Results
User ID when logged on has Alarm Create/Update ability
Æ Limit AutoUpdate time
Log on to Client as User that started the MOMI server on Tandem
Go to the screen Configure/Client Access/Global Settings
Check box and "Set AutoUpdate Limit to" value
Save settings by clicking button "Change Global Client Access Settings"
Results
AutoUpdate is limited by default for all users. (This may be overridden on an individual or group basis)
Æ Restore the default state of Client Access and Disable (use only if you really mess up)
Log on to Client as User that started the MOMI server on Tandem
Go to the screen Configure/Client Access/Global Settings
Press button "Delete All Client Access Records"
Press confirmation button
Results
Client Access disabled. Default functionality restored.
Æ Disable Client Access Checking
Log on to Client as User that started the MOMI server on Tandem
Go to the screen Configure/Client Access/Global Settings
Uncheck box "Enable Client Access Checking on this System"
Save settings by clicking button "Change Global Client Access Settings"
Results
Client Access disabled. Default functionality restored.
User profiles are still present.