Force people to log on as a certain user...

swhitmire

Reputable Poster
Strange question. Is there a way I'm not thinking of to make it so that someone using a fat/webdev client can ONLY log in to JDE as a certain user?
 
Have you tried giving that user ID (and only that user ID) access to a role with only your base environment (e.g. DV900 or PY900) assigned, and NOT access to JDV900 or JPY900?
 
Off the top of my head have you thought of using the 'external calls' security? Set all the designers (FDA.EXE, RDA.EXE etc) to be not allowed to run for *PUBLIC and create a role that is for the developers which gives run capability back.

Regards

Pete
Xe - E9 all platforms
 
Sorry missread your post the first time and was working on something else.... just getting my foot out of my mouth
smile.gif


A short answer is no, its not that simple. However, we need more information if we are going to help you, what security model are you using? What type of people do you want to restrict on the dev client (ie developers, applications, users etc?) and are there users you don't want to apply this restriction to?

Don is right in saying that you will have restrict the user by adding a role but the user can still log on to the fat client using the JDV environment.

Perhaps if you tell us more on the why we can help better.

Regards

Pete

Xe - E9 (All platforms)
 
So, let me explain a little better what I'm trying to do. We still have users using ODA (yes, I know that's not a great reporting solution). They all log in to a terminal server with a fat client installed on it. I want to make sure that they aren't accessing certain tables, but I can't secure those tables out from their regular usernames because they need to be able to get to them from screens inside JDE (this is all because we're trying to set up employee self service). So what I had hoped to do was to have them all log in as some special user that IS secured out of those tables. But the question is, how to force them to ONLY log in as that user?
 
You can hard-code login & BD parameters in INI and secure WRITE on INI away from everyone - JDE would then only even sign in as that hardcoded user ID.
 
Hmmn, I tried it with both of those set the same and not being able to write the file and it still let me log in as a different user.
 
Here's a few options..

There's a free tool called owlogon.exe that does an auto logon to a FAT client. You create a .bat file with the E1 credentials, then replace your ActiveConsole shortcuts with your .bat file. Use a bat to exe converter to hide the details and to set the icons back to what they were. So when the user selects the icon, it will do the autologon using the credentials in the bat file. A bit crude but it works.
I see owlogon is no longer available on the site (www.sliksoftware.co.nz) however you could just email them asking for it. It used to be there, and it was a free-be.
It works on 8.12 FAT client, not sure about 9.0. However it won't work for webdev.

Another approach is to introduce a Logic server and set it to use LDAP authentication. Set the LDAP config to point to an ou in the tree where your one secured user is. Then set this Terminal Server jde.ini (and webdev ini) to point to the new logic server for SecurityServer. You can now only log in as that one user from this Terminal Server.
Users on the Terminal Server will use LDAP authentication, where there's only 1 valid user allowed. The rest authenticate against your other logic servers (using Enterprise security I assume).
You can then add in controls to prevent user changing the jde.ini securityserver=xx.
 
Back
Top