2 setup options, 1 object manager security, Setup options – HP Integrity NonStop J-Series User Manual

Web ViewPoint User Guide Version 5.14 - 528226-014

81

configuration of objects and user securities. During the usage of Object Manager, by default, Object Manager
starts the $OCM environment. This is needed before any other environment is created. Additionally only the
creator of $OCM is allowed to create an additional environment. The $OCM is a shared environment i.e. any user
having a valid Guardian username and password is allowed to logon to Object Manager and use it. Non-shared
environments can also be created and the creator can specify a list of users to whom he/she wants to give access.

Each environment creates and manages a WCMDB file that contains the objects, commands, user etc. information.

If the environment is $OCM, then these corresponding files are created in the default subvolume (which is
generally Web ViewPoint subvolume). For any other environment e.g. $ABC, these files are created in the ABCXXX
subvolume.

LIMITATIONS:
H& J- Series has max object instance limit of 4095.

3.3.2 SETUP OPTIONS

3.3.2.1 OBJECT MANAGER SECURITY

The Object Manager's security mechanism supports:

 Safeguard aliases
 Shared and non-shared OCM environments
 Logon member list
 TACL generic command member list
 Sensitive button commands member list
 Command specific member lists

Before applying any of these security features, the following aspect of the Object Manager configuration needs to
be carefully considered: the OCM process, SEEVIEW, the command interpreters (CIs) or TACL (Tandem Access
Command Language), and the object database files all inherit their access ID from the user that first logs on to the
Object Manager. If the OCM process has been stopped, but the database is still present, only the original owner
will be allowed to log on and restart the OCM. If it is desired to start the OCM under a different user, all database
file WCMDB must first be deleted. Remember that, ultimately, the TACL will decide if a caller is allowed to execute
a command, and that the caller is the OCM process. It is recommended to have the shared environment initially
started by a super group user.

Web ViewPoint’s logon screen allows Safeguard alias names (up to 32 chars) to be entered instead of the standard
group.user names.

$OCM is the assumed OCM process name on first access. If the default ($OCM) is chosen, a shared environment
will be set up where any user will be allowed to log on and have access to non-sensitive button commands
associated with objects in a "shared" object tree. You may change this process name once you access the Object
Manager screen. This setting will be stored in a cookie and used for the next logon session.

If a process name other than $OCM is entered, a non-shared environment will be created where only the user who
created this environment will be allowed to log on, or members of a logon group that has been established by the
owner. Please note that aliases in the logon list are not resolved to the guardian group.user but treated separately.
Web ViewPoint permits only the owner of $OCM to create a non-shared environment with a process name other
than $OCM. The non-shared environment includes a dedicated object tree database that resides in a NonStop sub-
volume constructed from the OCM process name and an "xxx" affix.