Pre-login User Access

This configuration allows you to control the access users have before logging in.

The PreLoginUserAccess record includes <access/> elements that allow you to specify the functions to which the user will have access pre-login.

Procedure

  1. Open the config.xml file.

    For information about how this file should be opened (i.e., via the Configuration Administrator or via the file system, see Introduction).

  2. Locate the PreLoginUserAccess record in the config.xml file: 
    <record jsxid="PreLoginUserAccess">
   <access name="ApplicationLog"/>
   <access name="ShowErrorDetail">
      <!--<access name="ShowStackTrace"/>-->
   </access>
   <access name="Help">
      <access name="Help"/>
      <access name="About"/>
   </access>
</record>
  3. Configure the pre-login user access as follows:
    • ApplicationLog - If included, this provides access to the Application Log. The Application Log is used to troubleshoot the application. It provides detailed debug information generated by the application, as well as information about communications between the application and Action Processor. For more information, see Application Log.
    • ShowErrorDetail - If included, details about error conditions are displayed to the user.
    • ShowStackTrace - If included, a stack trace is shown when error information is displayed. This is commented out by default, as this information could be used by an attacker to gain insight into internal processes.
    • Help - If included, the Help selection is available from the Help button menu on the Login screen. This provides access to the application user’s guide.
    • About - If included, the About selection is available from the Help button menu on the Login screen. This provide access to a dialog that include the software legal notice, as well as application version information.

      Note that if neither Help nor About are included, the Help button does not display on the Login screen.

      You can customize the PreLoginUserAccess record as needed:

    • include <access/> elements for each function to which you want all users to have access pre-login.
    • remove, or comment out, all <access/> elements for the functions to which you do not want users to have access pre-login.

      Once a user logs in, access authority to these specific functions can be overridden with the ApplicationLog, ShowErrorDetail, ShowStackTrace, Help > Help, and Help > About access entries—see Available Functions.

      Note that the pre-login access controls are not overridden by system actions.