[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference azur::mcc

Title:	DECmcc user notes file. Does not replace IPMT.
Notice:	Use IPMT for problems. Newsletter location in note 6187
Moderator:	TAEC::BEROUD

Created:	Mon Aug 21 1989
Last Modified:	Wed Jun 04 1997
Last Successful Update:	Fri Jun 06 1997
Number of topics:	6497
Total number of notes:	27359

4550.0. "READ-ONLY users for MCC ???" by MLNCSC::BARILARO () Tue Feb 16 1993 09:31

    Hi,
    
    	A customer of ours, ask me if it's possible to have a
    	non-privileged user that could use in a READ-ONLY way
    	MCC (v1.2), able to display maps, use FCL, asking 
    	counter, chars, etc. to  the registered entities , BUT
    	unable to modify the maps, deregister entities, 
    	delete/modify alarms,exporting,recording, etc.etc.
    
    	I was able only to find out on the docs a way to manage
    	alarms, I tried to create on my test MCC a non-privs
    	user (only NETMBX and TMPMBX), set all the files under 
    	MCC_COMMON with only read access for the WORLD, but 
    	I was still able to delete/deregister entities from 
    	maps and dbases.
    
    	Has anyone had this problem before ???? And hopefully
    	a solution ....
    					
    				Thanks in advance
    				Ciao	Luciano Barilaro

T.R	Title	User	Personal Name	Date	Lines
4550.1	you can make a new dictionary to restrict user	KAJUN::NELSON		`Tue Feb 16 1993 10:42`	42
	You can make the user a read-only user in terms of the operations available to him through the "Operations" menu and the FCL, SHOW and DIRECTORY only, for example. It does take some work, however. The MM Programming Guide describes in detail how to create a "developer's dictionary". Read Chapters 3(VMS) and 4(ULTRIX). You would use the same mechanism to make a special "read-only" copy of the dictionary for a restricted user. A quick description of what must be done is set out below. You must make a copy of the dictionary in some temporary work area. Use DAP ($ manage/tool/dict or csh> mcc_dap) to remove all non-read directives from EACH class in the dictionary. You want to make sure you do not remove important directives like NOTIFY, GETEVENT, DIRECTORY, SHOW, etc.. I would suggest that you carefully remove only directives like SET, DEREGISTER, DISABLE, ENABLE, CREATE, DELETE, etc. When you exit from DAP, new parse tables that go with the new dictionary will be built. Move the dictionary and parse tables to a public place. As defined in MM Programming Guide - Chapters 3 and 4, in whatever file runs when the user logs in, you define . on VMS a logical, MCC_SYSTEM, that is a search list that looks in the directory where the new dictionary is first and then MCC_SPECIFIC and then MCC_COMMON. $ DEFINE MCC_SYSTEM dua0:[mcc], mcc_sprcific, mcc_common . on ULTRIX an environmental variable, MCC_SYS_LOCATION, that points to the directory where the new dictionary is csh> setenv MCC_SYS_LOCATION /usr/new_mcc This points the DECmcc user at the new dictionary and, since the action directives are not in the dictionary/parse table, they should not be able to take any destructive action. Good Luck, ...kjn
4550.2	Thanks.....	MLNCSC::BARILARO		`Tue Feb 16 1993 11:35`	7
	Hi, Thanks for your prompt reply, seems that Ireally need all my luck..... Ciao Luciano
4550.3	Use simple, direct approach	RACER::dave	Ahh, but fortunately, I have the key to escape reality.	`Wed Feb 17 1993 12:31`	13
	.1 has the hard way of doing it. The direct approach seems much more reasonable. 1. Use DNS. 2. Configure DNS protections to limit the users access Not only can you make some parts of the tree read-only for specific users, , but you could set up other parts of the tree as read/write and yet others as no access at all. Dont muck with the dictionary. All you would be doing is asking for problems.
4550.4	DNS will not restrict SET	KAJUN::NELSON		`Wed Feb 17 1993 12:57`	4
	Putting access control on the DNS objects will control REGISTER and DEREGISTER, but will not restrict the user on SET. ...kjn
4550.5	What a kidder... ;^)	MCDOUG::MCPHERSON	pre-retinal integration	`Wed Feb 17 1993 14:27`	16
	> > -< Use simple, direct approach >- > Har har har! You crack me up, Dave! DNS? Simple? Direct? Stop it! You're killing me! Oooh! ;^) Seriously, KJ is right: DNS has no effect on the dictionary portion of the MIR, only the instance repository. /doug ;^)