Aspects of LifeWorks Data Entry Security
There are three aspects to LifeWorks Data Entry security: 1) control of user access (login); 2) control of privileged operations (Supervisor Functions); and 3) file protection.
When the system is first installed, there is no security. Any user can login. Any user can execute Supervisor Functions. No files are protected.
The job OPERATORS is used as the main control of user access. It is strongly urged that this job be password protected. There are two batches of this job, batch 1 and batch USERID, which can be used to control user access. Only those LifeWorks Data Entry (three character) operator IDs contained in OPERATORS,1, when present, can login to LifeWorks Data Entry. An optional operator sign-on password (same for all users) can be specified in LWconfig to further restrict initial access.
OPERATORS,USERID can be used instead of, or in addition to OPERATORS,1. The use of this file provides several features including automatic sign-on, restricting the user to using menus and more. Relevant to control of Supervisor Functions, the field “This” user is a supervisor. “(Y/N)” in the OPERATORS,USERID file is where individual users are assigned as a supervisor, or not a supervisor.
Control of Supervisor Functions
Release LWK01.23 provides greater control of Supervisor Functions than before. Previously, the main control of Supervisor Functions was the assignment of a supervisor password via LWconfig. Without this in force, all users, regardless of supervisor assignment in OPERATORS,USERID, could execute Supervisor Functions. Also, for some Supervisor Functions, if the user is not a supervisor (per OPERATORS,USERID) but knows the supervisor password, the function was allowed.
With release LWK01.23, the presence of OPERATORS,USERID is considered to be the primary control of Supervisor Functions since it identifies the supervisor operators. Additional statements can be added to the $W/text/lwoptions file to further fine tune the control of Supervisor Functions.
By default, the system loosens security on operators identified as supervisors by not asking for the Supervisor Password if it is defined. PASSWORD1 can be added to $W/text/lwoptions which will require the password to be entered by the supervisor.
For Non-Supervisors, by default, the system tightens security and will not allow the operator to execute any Supervisor Function. PASSWORD2 can be added to $W/text/lwoptions which will require the password to be entered by these operators.
Since all files in LifeWorks Data Entry are associated with a job, files can be protected since individual jobs can have passwords assigned. When a job has a password, it must be entered whenever the job is accessed. The password may be changed or assigned by using the $PASSWORD supervisor command.
Special Provisions for Root
The root user can login to LifeWorks Data Entry and certain functions operate differently, in particular to correct situations which may prevent any (other) user from being able to login. See $W/docs/README.SEC for additional details.