Configuring User Settings

Use this page to specify the machines from which a user may access a license that exists in a protection key that is located on this machine.

NOTE    The settings on this page do not control which users can access the Admin Control Center that is located on this machine.

To access this page:

From the navigation pane, go to the Configuration page > Users tab.

To display users who recently accessed Sentinel License Managers:

Click Show Recent Users. A list of users who have recently accessed Sentinel License Managers, and the machines from which the License Managers were accessed, is displayed.

To apply changes in this page:

Click Submit.

To restore factory defaults for this page:

Click Set Defaults and then click Submit.

Specifying User Restrictions

Use the User Restrictions field to define restrictions that grant or deny access to users who attempt to consume a license in a protection key that is located on this machine.

NOTE     

>These restrictions do not apply to the use of Admin Control Center on this machine. Thus, for example, any user on a remote machine who can access Admin Control Center on this machine can also detach a license from this machine.

>These restrictions apply when a user on a remote machine attempts to detach a license from this machine without using Admin Control Center on this machine. For detains, see User Restrictions for the Detach Operation.

Each restriction grants or denies access based on a number of parameters as described below.

Enter each restriction in the following format:

operator=[username][@hostname][,vendor:vendorID][,key:keyID][,product:productID]

where:

operator Specify allow (for a restriction that grants access) or deny (for a restriction that denies access).
username

Optional. User name to which the restriction applies. Enter one of the following:

> “*” (by itself) – represents all users (default value)

> User name of a specific user.
hostname

Optional. Machine to which the restriction applies. Enter one of the following:

>“*” (by itself) – represents all machines (default value).

> “*” wildcard character. For example: host*.

> none – represents no machines.

> Hostname or IP address of a specific machine. Hostname may include a domain name. For example: johnhs@n0532.example.com

> A subnet. For example: 10.162.105.0/23
vendorID

Optional. Vendor ID of licenses to which the restriction applies. (Default: all vendor IDs)
keyID

Optional. Unique identity number for a specific Sentinel protection key to which the restriction applies. (Default: all key IDs)
productID

Optional. Unique identity number for a specific Product to which the restriction applies. (Default: all Product IDs)

Multiple restrictions can be specified. Each restriction must be on a separate line. The restrictions are evaluated in the order in which they are specified.

The evaluation of multiple restrictions is similar to the evaluation used in Apache and other similar open source products.

Note the following:

>Any user that is not blocked by a specified restriction is granted access.

>The use of all to represent all users or all machines is deprecated, but supported for backward compatibility. It is recommended that you use * instead.

Example 1

Given the following sequence of restrictions:

deny=john@vista
allow=john@*
allow=chris@*
deny=*@qc001
deny=*@qc002

This sequence is evaluated by the Admin License Manager on the local machine follows:

1.The user "john" on the "vista" host machine is denied access to licenses on this machine.

2.The user "john" is allowed access from all host machines (except "vista"—because of the first rule).

3.The user "chris" is allowed access from all machines.

4.Access to licenses on this machine is denied to all users on the "qc001"and "qc002" machines—except for the users "john" and "chris", whose access permissions were evaluated earlier in the sequence.

5.All other users on other machines are granted access to all licenses on this machine because there is no restriction that denies them access.

Example 2

>Allow the specified user to consume licenses on this machine from any other machine. Block any other user on any remote machine.

allow=John
deny=*@*

Note that the first entry is expanded to allow=John@* when you click Submit.

>Allow all users on the specified machine to consume licenses on this machine. Block users on any other remote machine.

allow=@hostabc
deny=*@*

Note that the first entry is expanded to allow=*@hostabc when you click Submit.

>Deny access to a specific named user to a specific product on a specific key from a specific vendor:

deny=admin@hostabc,vendor:37515,key:12345,product:123

>Allow a specified user access to a specified key from all hostnames that start with “host”. Block all other users on any remote machine.

allow=admin@host*,key:12345
deny=*@*

>Allow a specific user on a specified subnet access to a specified Product. Block any other user on any remote machine or subnet.

allow=admin@10.162.105.0/23,product:123
deny=*@*

Related Topics

Configuring Basic Settings

Show Recent Users