Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Search for | Example | Results |
---|---|---|
A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Search for | Operator | Example |
---|---|---|
Two or more words in the same topic |
|
|
Either word in a topic |
|
|
Topics that do not contain a specific word or phrase |
|
|
Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
A combination of search types | ( ) parentheses |
|
- System security
- Encryption of configuration file settings
- Encryption of operator passwords
- Encryption of client keystore passwords
- Randomly generated master keys
- Inactivity timer
- Lockout feature
- System quiesce: Login restrictions
- Mandanten file security
- Multicompany mode
- Script utilities
- Security tables
- Secure Sockets Layer (SSL) encryption and server certificates
- Support of the HTTP Strict Transport Security protocol
- Trusted sign-on
- Common Access Card (CAC) sign-on
- SAML Single Sign-On
- FIPS mode
- Tokenization
System quiesce: Login restrictions
Quiesce mode sets login restrictions to prevent users from logging on to Service Manager processes. This gives System Administrators a way to stop users from logging on to Service Manager processes, and wait for existing users to gracefully log off before starting system maintenance or testing tailoring activities.
There are three levels of login restrictions. Quiesce level 1 restricts all users, except System Administrators, from logging on to Service Manager processes. Quiesce level 2 restricts all users from logging on to Service Manager processes. Quiesce level 0 (zero) sets Service Manager processes to allow user logins. In the vertical scaled or horizontal scaled environment, Service Manager load balancer does not forward any client connection requests to Service Manager processes that are in quiesce level 1 or 2. If System Administrators want to connect to a Service Manager process in quiesce level 1, they must connect directly to the Service Manager process without connecting through Service Manager load balancer.
Quiesce mode information is stored in the shared memory. When a Service Manager process sets a quiesce level in the shared memory, all other Service Manager processes that read from the same shared memory have the same quiesce level. So if one Service Manager process sets a quiesce level on a host, all Service Manager processes have the same level of quiesce on that host. In a horizontal scaled environment, the "-host:<host name or IP>" or "-group" option can be used with the "sm -quiesce:<quiesce level>" command. The "sm -quiesce:<1 or 2 or 0> -group" command sets the quiesce level to all Service Manager processes on all hosts within the horizontal scaled group.
In a vertical scaled environment when Service Manager processes are running and you issue the "sm -quiesce:1" or "sm -quiesce:2" command, all Service Manager processes on the local host are set to quiesce level 1 or quiesce level 2, respectively. The Service Manager load balancer stops forwarding any new client connection requests to the Service Manager processes, since they are quiesced. If any user tries to connect to Service Manager load balancer at this point, the user receives a message that states "max session exceed" from the load balancer, as there are no available Service Manager processes. Existing users on the system are not affected. However, once existing users log off, they cannot log back on until after the System Administrator changes the quiesce level back to 0 (zero). Once all users have logged off the system, the System Administrator can perform system maintenance. When system maintenance is complete, the System Administrator can issue the "sm -quiesce:0" command to set the quiesce level back to 0, so there are no login restrictions to all Service Manager processes. All Service Manager processes now accept user logins and Service Manager load balancer forwards client connection requests to these Service Manager processes.
In a horizontal scaled environment, assume there are two hosts in the horizontal scaled group, Host A and Host B. While the system is running, System Administrators can quiesce Host A for maintenance and keep Host B running by issuing the command "sm -quiesce:<1 or 2> -host:<Host A name or IP address>" on either Host A or Host B. Service Manager load balancer then forwards all client requests to Host B, as all Service Manager processes on Host A are quiesced. Existing users on Host A are not affected until they log off. If users try to log back on, Service Manager load balancer redirects their connection requests to Host B. After maintenance is complete on Host A, the System Administrator issues the command "sm -quiesce:0 -host:<Host A name or IP address>" to bring Host A back to service. This way the System Administrator can maintain one of the hosts in a horizontal scaled group and avoid down time. The System Administrator can also quiesce all Service Manager processes in the group by issuing the "sm -quiesce:<1 or 2> -group" command. When the maintenance is complete, the System Administrator can then set all Service Manager processes in the group back to non-quiesce mode by issuing the "sm -quiesce:0 -group" command.
A System Administrator can restrict logins to Service Manager using the system.quiesce application. System maintenance tasks include the following:
- Upgrading from one version of Service Manager to another
- Tailoring forms, tables, or format controls
The system.quiesce application provides three levels of login restrictions:
Restriction level | Description |
---|---|
Level 0 | Service Manager has no login restrictions and accepts all logins normally. |
Level 1 |
Service Manager restricts login to operators who have the SysAdmin capability word. Service Manager denies login to all other operators and displays the message:
When you issue
|
Level 2 |
Service Manager denies login to all operators and displays the message:
|
Note: A quiesced system restricts new login attempts only. Currently logged on users can continue working until they log off.
Enable logging of user access
Applies to User Roles:
System Administrator
If you enable system logging of user access, Service Manager records the time and user ID each time an operator logs on or logs off.
To enable logging of user access:
- Click System Administration > Base System Configuration > Miscellaneous > System Information Record.
- On the General tab, select the Syslog Audit option.
- Click Save.
Enable login restrictions
Applies to User Roles:
System Administrator
To enable login restrictions:
- Click System Administration > Ongoing Maintenance > System > Connection Restrictions.
- Click one of the following options:
- Set Level 0 — No login restrictions
- Set Level 1 — Only system administrators can log in
- Set Level 2 — No operators can login
Disable login restrictions
Applies to User Roles:
System Administrator
To disable login restrictions:
- Click System Administration > Ongoing Maintenance > System > Connection Restrictions.
- Click Set Level 0.
Enable tracking of operator times
Applies to User roles: System Administrator
You can track how long each operator edits an Incident record by enabling a tracking option in the Incident Management environment.
To enable tracking of operator times:
- Click System Administration > Ongoing Maintenance > Environment Records > Incident Management Environment.
- Select the Track Operator Times? checkbox.
- Click Save.
Enable tracking of operator times
Applies to User roles: System Administrator
You can track how long each operator edits an Incident record by enabling a tracking option in the Incident Management environment.
To enable tracking of operator times:
- Click System Administration > Ongoing Maintenance > Environment Records > Incident Management Environment.
- Select the Track Operator Times? checkbox.
- Click Save.
Related topics
Application profiles
Environment record
User roles
Capability word model
Adding users
Checklist: Adding a new user
Controlling user access and security
Creating operator records
Defining named users
Operator passwords
Operator records
Operator templates
Lockout feature