Another aspect of restricting user access to Operations Center components is session management, which includes the following functions:
Configure all of these features by using the Operations Server console, except for the session timeout cutoff, which is configured by using the Configuration Manager. This section summarizes the features and provides links or references to detailed documentation.
Monitoring the sessions and analyzing the effectiveness of these session policies are discussed in Section 6.0, Auditing.
The total number of concurrent user sessions is determined by the number of licensed Console and Portal users.
To control the number of concurrent logins that a user is allowed, open the user’s Section 2.3, User and Group Accounts for details.property page and type a number in the field. See
To prevent a user from accessing the Operations Server console or the Business Service Dashboard components, open the user’s User property page and select Section 2.3, User and Group Accounts for details.or in the section. See
In some situations, you might want to allocate a subset of licensed user sessions to different groups. This ensures that certain groups are not allowed to use all of the allotted user sessions and prevent other users from accessing the system.
To restrict the number of users in the group who can concurrently log in to Operations Center software:
In thepane, right-click the group and select to open the Status property page.
In the left pane, clickto open the Group property page.
Selectand specify the maximum allowable number of users.
Clickto save the changes.
If a user belongs to more than one group, Operations Center software leases a session from the group to which the user belongs, containing the largest number of available concurrent sessions. If a group has no setting for the maximum number of concurrent users, the session is leased from the default product license.
Administrators can establish a session inactivity interval, which is the number of minutes that users can remain inactive before they are required to log in again. Use the Configuration Manager to define the Operations Center Server Installation Guide.setting, which is explained in the
Theproperty page for each user displays login and session information about a user who is currently logged into Operations Center. All active users currently logged into Operations Center software display under the element in the Operations Server console.
To view session information:
In thepane, expand the root element > .
All active users currently logged into Operations Center are listed under theelement.
Right-click a user name and selectto open the Status property page.
In the left pane, clickto open the Session property page.
The Session property page identifies the group name from which the session was leased, the IP address from which the user logged in, the time of the login, and the group under which the user logged in.
The group under which the user logged in has nothing to do with the user’s permissions.
The administrator can identify whether active users are logged in to Operations Center software through the Console (operations client) or through the dashboard (Web client). Knowing how a user logged in is important when attempting to forcibly log out a user.
You can also use the mosstatus command to obtain session information about users.
To identify which users are logged in to Operations Center and which login method they used:
In thepane, expand the root element > > .
All users who are logged in to Operations Center are listed. Their login methods display in parentheses.
Licensed user sessions can be allocated to the Operations Server console and the Portal. Occasionally, it is necessary to forcibly log out a user or a group from either of these Operations Center components. Users can be forced off either the Console or the dashboard.
NOTE:Force off messages are only deliverable to users of the Operations Center console only.
In thepane, expand the root element > > or .
Select one or more groups or users, then right-click and selectto open the Force Off dialog box.
Type a message to send to the users being forced to log off.
NOTE:This message is only sent to console users. Dashboard users will not receive this message.
Clickto force the users or groups off the server.
You can also use a forceoff during a session that uses an InterCommunication connection of multiple Operations Center servers, to cause the far-end adapter to stop. Otherwise, the adapter retry logic continues to log in to the server.
If you want to notify users or group members that they are to be forcibly logged off, you can send them a message. For more information, see Sending a Group Message.
To forcibly log off a user or group of users:
Use one of the following commands:
forceoff group: groupname
Replace username and groupname with the actual names as configured in Operations Center.
When prompted, specify the following information:
Enter Web server host hostname: Enter the hostname of the Operations Center server.
The default is the local host.
Enter Web server port: Enter the Web server port number of the Operations Center server.
The default is 8080.
Enter your account userid: Enter your user name.
Enter your user password: Enter your password.
The password is not masked.
Before forcing users to log off, you can send users, the members of a group, or members of a session a message:
At the command prompt, enter:
moswall users/group/username "message"
Replace users or group with an actual name, or if the message is to a session, replace username with the session ID.
Replace message with the information to send to the user, group, or session.
moswall jtball "You are being forcibly logged off the Operations Center server." moswall group6 "You are being forcibly logged off the Operations Center server." moswall session3 "You are being forcibly logged off the Operations Center server."