Re: [foxboro] disabling sets
- From: "Brown, Stanley" <stan.brown@xxxxxxxxxxxxxxxxx>
- To: "foxboro@xxxxxxxxxxxxx" <foxboro@xxxxxxxxxxxxx>
- Date: Mon, 29 Mar 2010 09:06:25 -0400
Good point.
What I am planning to do is have the IT supplied terminal server connect using
ssh running a specific script. This is the direct analog of "rsh script". I do
not expect the user to ever see a prompt for this. Once this script has been
run, then the terminal server will run VNC to connect to the appropriate
connection. One of the reasons for this is because, since the connection is
from a terminal serve, all the connections come from the same IP address.
The person working on this from the IT side assures me he can pass as an
argument to this script, what I will call, a session number. Thus I can have
VNC run on the appropriate point.
So, it looks like I can just have this script run the appropriate shell command
to disable omsets, right?
> -----Original Message-----
> From: Stan Brown [mailto:stanb@xxxxxxxxx] On Behalf Of Terry Doucet
> Sent: Monday, March 29, 2010 8:54 AM
> To: foxboro@xxxxxxxxxxxxx
> Subject: Re: [foxboro] disabling sets
>
> Stan,
>
> The enable or disable is a command statement for a specific DM name. If
> you have multiple DM's for a UNIX station, each one has to be disabled
> to prevent sets. The only way to ensure that they remain un-settable is
> to prevent someone from running the enable command. Since anyone at a
> command prompt (including telnet session)can run the enable command for
> any DM name in your system, you really must rely on the competence of
> your well-trained people. The specific station DM name can be locked
> down to prevent the un-educated from enabling sets but it is pretty
> much impossible to lock it down with 100% certainty.
>
>
> In most plants where I have worked on IA, the Operator stations for
> that specific process have sets enabled and other Operators are
> permitted to view data in that Process but sets are disabled. This is
> done via the environments files. It works well.
>
> But in fact, if someone with command prompt access desired, he could
> enable sets for the people with "view data" access in the environment
> files.
>
> Terry
>
> _________________________________________________________________
> Take your contacts everywhere
> http://go.microsoft.com/?linkid-12959
>
>
> _______________________________________________________________________
> This mailing list is neither sponsored nor endorsed by Invensys Process
> Systems (formerly The Foxboro Company). Use the info you obtain here at
> your own risks. Read http://www.thecassandraproject.org/disclaimer.html
>
> foxboro mailing list: //www.freelists.org/list/foxboro
> to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
> to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
>
The information contained in this message and any attached files may be
privileged and/or confidential and protected from disclosure. If you are not
the intended recipient, any disclosure, copying, distribution or use of any of
the information contained in or attached to this transmission is strictly
prohibited. If you have received this transmission in error, please so notify
the sender immediately without reading it. Also, please promptly destroy the
original transmission and its attachments. Any views or opinions presented in
this message or attachments are those of the author and do not necessarily
represent those of KapStone Paper and Packaging Corporation or its subsidiaries.
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html
foxboro mailing list: //www.freelists.org/list/foxboro
to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
Other related posts:
