We use OPSYS security and require userids and passwords for users that update files. But for users that can only inquire, we want to not require passwords.

I thought from reading other forum discussions that I could do this by adding an universal user (example: customer customer) to the URL in the .htm that the user is routed to. So I added IBIC_user="customer" IBIC_pass="customer" to the URL, but the OPSYS sign on is still required. Is it possible to bypass the security sign on in this way? If so, can someone include sample code since I don't know JAVA very well.

Thanks, Kent

One way to do it is to populate IBI_REPORT_USER and IBI_REPORT_PASS in the profile of the Reporting Servers/Remote Services server you are using, EDASERVE for example, with some sort of application id.

The problem with that is that anyone can get in. You would have to restrict the permissions of this id severely and still force your update users to logon. You could make them using another client node without the stored userid, i.e populate all the pages with the IBIC_server value for this special node forcing them to log in.

Another method is to set up a separate instance of the server (same physical box, same installation, different port) with very restricted access to tables, etc. which DOES have the user/id in the server profile. (You could also just turn security off on that server, but I would highly recommend AGAINST that.) Opens too many other security holes. Then any requests by that public user could use IBIC_server=alternateservername. I think there is a "Configure additional servers" option on the installation menu that does this.

In essence, there is no real "BYPASS" to OPSYS security. Either you authenticate somehow or you don't. Just depends how seamless you want it to appear to the users.

Darin, that requires a license. Creating another client node pointing to the same server does not.

Always the licensing issue which I forgot to mention because we don't license it that way. Ours is one box, one license. Thanks for bringing that up, though, as I'm frequently one to remind users of licensing requirements.

Ginny's suggestion would be a way around that problem.

JinnyJakes,
I am getting lost in the "WebFOCUS Security and Administration" manual trying to set up the new node where I can populate IBI_REPORT_USER and IBI_REPORT_PASS. I belive I need to set up a new NODE in ODIN.CFG with the same PORT number as the database client.
What other .CFGs do I need to make changes to? Any other details you can give will help since I have not had to make many table changes in the two years we have been on WebFocus.
Thanks, Kent

You don't need to set up a new node in the reporting server. You just need to set up a a remote client in the WebFOCUS Client console.

Its URL is: http://your_web_server/ibi_apps/console/webfocusconsole.jsp

You log onto that, click on Reporting Servers, then click on Remote Services.

In the right-hand panel, click the new button at the bottom. You then give the node a different name than EDASERVE but point it to the same reporting server as EDASERVE.

Once that is created, you can click the profile button for your new node and make the appropriate changes.

Each one of these nodes will have a profile in the /WebFOCUS/ibi/webfocus76n/client/wfc/etc directory. You can encrypt these profiles from the client console tool.

Or you can make EDASERVE your public node and update the user and pass for that one and create another, WFSECURE for example, that has no entries for the user and pass.

Let me know if that is not clear. You don't have to read the security manual to do this.

Let me know if you have more questions.

One option to consider is to pass a value or cookie that identifies whether the user is an "inquirer" or not. Then in the edasprof or a profile set IBIC_user and IBIC_pass to your default - customer.customer in your example.

Note that you will need to create the user "customer" on the OS for OPSYS to work.

Cheers

Stu