Top
Systemwalker Operation Manager V17.0.1 Installation Guide

2.3 Security Definitions

This section describes the security functions provided by Systemwalker Operation Manager. Enter the definitions for these functions when it is necessary to improve the security of a system.

Extended User Management function [UNIX]

This function sets up user IDs that are separate from the user IDs registered with the operating system, and manages the users who can access Systemwalker Operation Manager.

See "2.4.3 Defining Users (When using Extended User Management Function) [UNIX]" for details.

Access control

This function controls access to projects.

Refer to "Setting up Access Permissions for Projects" in the Systemwalker Operation Manager User's Guide for details on the definition method. See "Appendix E Usage Restrictions Based on Access Rights" for a list of the menu items, operations, commands and APIs that can be used with different access rights. For Web API, refer to the each API of "Web API [Windows] [Linux] " in the Systemwalker Operation Manager Reference Guide.

It is also possible to restrict the users who can access Systemwalker Operation Manager directories and files.

See "2.4.5 Define User Restrictions" for details on the definition.

Restricting execution users

This function registers the users who are allowed to execute jobs.

[Windows]

Specify Execute jobs under the respective job owner's authority in the Options sheet of the Define Operating Information window. Then, click the Define Job Owner's Information button to display the Define Job Owner's Information window and register only those users who are permitted to execute jobs.

See "2.8.1 Defining the System Operating Information" and "2.8.3 Defining the Job Owner Information [Windows]" for details.

[UNIX]

Register the users who are permitted to execute jobs in the user control list for job execution. See "2.8.4 Defining the User Control List for Job Execution [UNIX]" for details on how to define this function.

Audit log output

This function outputs a record of the operations performed on Systemwalker Operation Manager to an audit log file.

See "2.4.6 Defining Audit Log Output" for details on how to define this function.

Setting to not hold host name and user ID in the Login window

For convenience, Systemwalker Operation Manager displays the most recently used host name and user ID in the input area by default in each of the following Login windows.

On the other hand, from the viewpoint of improving security, the most recent host name and user ID are not displayed at the time of use, and the input can be set to the default every time. This section describes how to configure the settings.

How to hide (not-hold) host name and user ID

To hide the last host name and user ID, create the following definition file in an editor such as Notepad.

The definition takes effect from the Login window displayed after the definition file is saved.

Definition file name

Systemwalker Installation directory\MPWALKER.JM\mpjmcl\etc\client.ini

Format

[LOGIN]

no_host_disp=1

no_user_disp=1

[LOGIN]

Specify this section if the host name or user ID is not displayed during use.

no_host_disp=1
1:

Hides (not-hold) the host name.

Other than 1:

Displays (holds) the host name.

no_user_disp=1
1:

Hides (not-hold) the user ID.

Other than 1:

Displays (holds) the user ID.

Example definition

The following shows an example definition when the user ID is not held.

[LOGIN]

no_host_disp=0

no_user_disp=1

Notes
  • Do not create a file other than the above format. However, if a definition file with the same name already exists in which a definition different from this function is set, the definition can be mixed with another definition.

  • If the definition file does not exist or the specification format is invalid, the definition is not valid. In this case, no error message is displayed.

  • The directory where the definition files are located is a directory that can be updated by ordinary users. If necessary, set access permissions (Do not grant access to non-administrators, etc.) for the created definition file.

If you want to cancel the setting (restore the default), delete the definition file or delete the description format in the definition file.