Restricting access to live data

Restricting access to live data

Because the amount of live data available is limited, it may be useful to restrict access to it. DBDOC provides two ways to do this: by Windows logon name or by IP address. Do not use both methods at the same time.

Live data access restrictions are not configuration specific. They are shared by every CIUMon and every configuration running on a given machine.

Blocked users who try to access live data will receive an error message letting them know that they have been blocked.

Restricting access to live data by Windows logon names

A logon name can be either blocked or approved. If any logon names are approved, only approved logon names will be able to access live data. There is no reason to both approve and block logon names.

Information-noshadow.png Note: If a username has ever been changed, you must block or approve the original username. For example, if user "Smith" was originally user "John Smith," but the username was changed, you must block "John Smith." Blocking "Smith" will not work. This is due to how Windows stores usernames.

Restricting access to live data by IP address

IP addresses (or ranges of IP addresses) can be either blocked or approved. If any IP addresses are approved, only IP addresses that are both approved and not blocked will be able to access live data. Using this feature, it is possible to approve a range of IP addresses but block some addresses in that range.

Information-noshadow.png Note: There is an exception to the rule that only IP addresses that are both approved and not blocked can access live data. If you block a range of IP addresses and then approve a single IP address in that range, you will be able to get live data from that single address. This makes it possible to block a range of IP addresses but allow access from specific computers in that range.