Tip:
Highlight text to annotate it
X
We have just demonstrated
how the connection mechanism works. And we
use ProcessBook as an example. But I wanted to make a
point that interfaces also have to pass
the security test to access PI. In fact,
they need write access. So typically they do that
using trusts and we will discuss trusts a great deal
later on. I just do want to emphasize
to be careful about making any drastic security
changes-- they can break the interfaces
and we do not want to have that interfere with data
collection. So now there is one other thing that we
have not discussed yet and that is this
Guest access to the PI Server.
Now Guest access to PI Server is
simply the fact that if you do have a username
and password prompt appear
to you and you cancel out of it, then we simply
give you the same credentials as something called our Guest
user. The Guest user does not show up in any lists.
It's simply the same privileges as we extend
what we call the world.
There is security by concept of the owner of an
object and the group that is associated with an object. And
then anybody who is not the owner
or in a group associated with the object is what we call the world.
And typically world has read access. So this Guest
access is going to get the same privileges, or the guest
login is going to get the same privileges
as whatever world has which is typically read access.
So that really comes down to the fact
that if you cancel out of a login prompt, you will still
get read access. And of course some customers do not want that.
So if you'd like to modify that Guest access, you
can simply go into the System Management
Tools and going into the
tuning parameters, you need to change this right here-- it's
called Default User Access. Let me bring this
up on the screen. You can see if we go into
the operation and tuning parameters,
you will find this under network.
There is network manager.
This is default user access. So if we
set default user access equal to
zero-- we explicitly set that to zero. That
will disable the Guest login.
Now one more point. I just want to
make sure there is no misunderstanding.
When a user is trying to connect using
ProcessBook for example, and the
default user for ProcessBook has no password
at all, then that is not the same thing as the Guest
login. That's simply a user who has been configured with no
password. And a dialogue box will now appear asking
for password. What I am saying
here is that in the event that you
have a username that has been
defined who does require a password,
if that login dialogue box appears and
the user cancels out... He just simply clicks on
cancel instead of trying to type in any password,
then that user will be granted the Guest login.
So this setting here
default user access is going to disable that capability.