MOMI has the ability to limit the screens and features available to users of the PC Client. Virtually every screen (with some exceptions) may be turned on/off. Client Access configuration is optional but provided to allow system administrators to tailor MOMI more closely to their specific needs.
Users are identified to MOMI using the standard Guardian User Id or Safeguard Alias. Client Access relies on host to perform authentication (in other words MOMI does not maintain a database of User Id's and passwords).
Client Access is configured and enabled after MOMI is installed and operational. Configuration information is stored on the Tandem Server in the file CNF01DB.
This section describes Client Access and gives examples of turning Client Access on and configuring.
Client Access is not the security granted to users accessing the Nonstop system. All sensitive commands, regardless of Client Access settings, require logon security as discussed in Security Logon / Logoff.
The user that starts MOMI on the Nonstop server is considered the Default Security User. This user is allowed to activate Client Access, configure global Client Access settings, define new users and grant the Security User right to others.
Once additional users are defined on the system and at least one is configured as a Security User, it is generally no longer necessary to use the Default Security User. Some operations, such as disabling Client Access, may only be performed by the Default Security User.
The default may be overridden with the CONFMOMI keyword DEFAULT-SECURITY-USER,
When MOMI is started for the first time and creates its configuration file CNF01DB, Client Access is turned off. All MOMI PC Client screens are displayed to any user that starts the MOMI PC Client. Some functions, such as Alarm configuration and operation may only be performed by the user that starts the MOMI server.
In this point, the user that starts the MOMI server is the only user with full control and full access over the MOMI environment.
The Default Security User logs on to the MOMI PC Client and navigates to the screen Configure / Client Access / Global Settings. Check the box to enable Client Access and then press the button "Change Global Client Access Settings".
Two user are automatically created within Client Access and are used to determine available screens/function when 1) the client is not logged on and 2) the client has logged on their User Id is not defined within MOMI.
"NOT LOGGED ON" determines what screens/function the MOMI PC Client are available prior to a logon or when a Logoff is performed.
"USER NOT DEFINED" determines what screens/function the MOMI PC Client are available in the event that the User ID is not found in the Client Access database. This user provides the means to define the default operation for any user that can logon to the host.
When the MOMI PC Client is first started, the predefined user "NOT LOGGED ON" determines what screens/function are available. When a user logs on, the Client Access database is searched in the following order:
1) an exact match to the User ID
2) match User ID by wild card
3) use USER NOT DEFINED if enabled
An exact match to the User ID entered against a User ID defined in the Client Access database always takes precedence. Next, the Client Access database is searched again but logic is enable to allow the first match with an entry containing a wild card. Lastly, the predefined user "USER NOT DEFINED" is chosen if enabled.
Wild-card support, such as ADMIN.*, is available in the MOMI PC Client 4.05 and later.
The following examples (denoted by a Æ) describe the sequence of steps necessary to perform certain activities. With the exception of the first two examples, which assume an initial configuration, all other steps assume that Client Access is enabled.
Æ The MOMI server is initially started
Results
Æ Enable Client Access checking
Results
Æ Change profile for "NOT LOGGED ON"
Results
Æ Change profile for "USER NOT DEFINED"
Results
Æ Add an individual User ID
Results
Results
Æ Add an User ID to a group
Results
Æ Allow a user to add/delete/operate an Alarm (assumes the user was already added)
Results
Results
Æ Restore the default state of Client Access and Disable (use only if you really mess up)
Results
Æ Disable Client Access Checking
Results