Manualshelf

Install guide

ManualsBrandsVelocity ManualsComputer equipmentProMagix E2010
21222324252627282930
Configuring Security Options
This section applies to the WOW browser client only. All WOW command-line and GUI
utilities obeys identical Oracle and Linux file permissions as any other OpenWorks or
SeisWorks utility.
All WOW operations are actually executed by the WOW Apache user. Security levels as
described below only emulate end user access. To perform a particular operation in
WOW, both the WOW Apache user and the end user must have legitimate access.
There are two different options for implementing security in WOW: full emulation of user
access requiring authentication/authorization for all operations (level C), and open read
access, requiring authentication only for write operations, e.g. creating well lists (level B).
Security Levels
Level B Universal read-only access with emulation on write functionality:
This provides full emulation but only on the write-back modules (e.g. creating well lists,
adding/deleting KRS documents). Any user that can login to any system over
the company network can access all OpenWorks, SeisWorks and other data, read-only,
except for named exclusions. Universal browsing is thus encouraged without having to
provide a password, but as soon as an attempt is made to write back to the database (e.g.
loading a KRS document), the user is prompted for a login and password. This is the
default security level.
Level C Full emulation:
Users are required to login at all times. The authenticated username is then used to
authorize access at an individual project level, exactly as if the user is logging on to a
Linux workstation in the site. This is as secure as the underlying applications, but at the
expense of extra administration to maintain the password file. Extra administration is also
required to grant casual (non-OpenWorks) users access. To access WOW, a casual
browser must:
have a Linux account
be added to Oracle as an internal user
be granted at least BROWSE access to the required OpenWorks projects
be granted read access to external data directories
Named Exclusions
Specified ‘tight’ projects can be restricted entirely from being viewed in WOW, irrespective
of security level. Access is restricted to projects and directories by modifying files in the
$OWHOME/WebApps/conf directory as described below.
OpenWorks: modify the OW_PROJ_WHERE_CLAUSE in wow.env to restrict projects to
those that have a particular name or comment. Modifying this requires a degree of SQL
knowledge; contact support if in doubt.
SeisWorks: the restricted_plist.dat file lists the names of any ‘tight’ SeisWorks
surveys. They will appear in listings but will not be further accessible.
Z-MAP Plus/Other: the restricted_dir_list.dat file lists the names of any ‘tight’
Linux directories. These will appear in listings but will not be further accessible.
WOW 5000.0.1.11 Release Notes Page 23 of 104 March 2014