Administrator’s guide for webAPX

 

Contents

·         Database selection

·         Security

·         webAPX user API

·         webAPX parameter files description

webAPX documentation

·         Installation’s guide for webAPX

·         Administrator’s guide for webAPX

·         Help for webAPX

·         Frequently asked questions for webAPX

 

 

All file-references in this document are relative to the ‘Installation Directory’ of webAPX.

Database selection

If more than one APX databases are in use on your site, webAPX can connect to each of them. The connection is managed with the Data Source defining the name of the database to work with as well as the server the database manager is running on. Therefore when dealing with multiple APX-databases you must create multiple Data Sources on the server webAPX is running on, each one connecting to a specific database.

The list of the possible Data Source Names must be defined in the System Configuration File of webAPX with the element: dsnAPX,

In the Login-page you will select the Data Source Name corresponding to the database you want to connect to.

Security

User access control

Each user authorized to connect to the Production Database via webAPX must be registered in APX as a standard user with his/her access rights. Additionally starting with the relaese 2.0 of APXDB the user must be grant the ‘PCCSYS’ role.

 

We recommend to create specific accounts in APX for the purposes of webAPX. These accounts should have only read access to the production and profiles and no access to any other function.

We recommend to assemble user accounts into group accounts in order to simplify the maintenance of the authorizations.

The user of webAPX must give his/her user-id and password at each session start and they are checked against the APX-database referred by the given Data Source Name.

The Login-page can be accessed at any time to re-enter the user-id and password in order, for example, to reconnect with different rights or to a different APX-database.
The element userAPX in the System Configuration File of webAPX ‘system/system.xml’ can contain a default user-id for every person connecting to the webAPX-Server. The default user-id presented in the Login-page can be changed by the current user, is saved in his/her cookies and will be presented during his/her next login.

User authorization control

The authorizations to the objects accessed by the users of webAPX are checked in exactly the same way as it is done in the standard GUI-program PCC.EXE. The webAPX users or groups must have at least the read authorization in the production respectively in the profiles to get access to an object. If the user has no authorization at all or not enough authorization on an object, this object will not be displayed.

By default webAPX is to checks the user’s authorization when displaying the monthly forecast. The System Configuration File of webAPX can be customized to change this default behaviour.

 

No authorization is required when displaying the status of the RCS’s.

 

Generally no authorization is required when displaying the Production Protocol.  But the System Configuration File can restrict the presented protocol messages only to the one belonging to the current user. The user PCCDBA can see all messages without restriction.

Cookies

The user name, password and selection done on each page and in the RSS-feeds are stored by ‘cookies’ in the browser of the user.

At installation time the option to encrypt the cookies is automatically set.

The site security policy can restrict the utilization of cookies. The System Configuration File can be customized to enable or disable the utilization of cookies without effect on webAPX.

Additionally the duration of the validity of the cookies can be customized in the System Configuration File too.

If the site policy allows cookies, each user can decide in the Login-page if he/she wants to allow cookies on his/her workstation.

Commands to APX-Control

The identified user can send commands to APX-Control, if the corresponding option is set in the System Configuration File.

The commands are sent on behalf of the logged user and APX-Control checks his/her authorization when the command is received.

The result of the command sent can be displayed with the Production Protocol page.

Following options are available in the System Configuration File:

-          Allow or not to send commands to APX-Control,

-          Command to use when loading a job or an application, i.e. LOAD_JOB or ADD_JOB,

User’s password update

Users can change their own passwords.

This option can be disables in the System Configuration File.

SSL/TLS Protocol

The web-server can be configured to support the SSL/TLS protocol. In this case the connection between the user’s workstations and the server will be encrypted. The utilisation of an encrypted protocol has no effect on webAPX. The Windows setup program ‘webToolsAPX’ pre-installs the SSL/TLS configuration. See the Installation documentation to have detailed information about SSL under webAPX.

Firewall

If there is a firewall between the user workstation and the web-server running webAPX, the firewall must authorize all packets initiated by the workstation sent to the port 80 (HTTP protocol) or 443 (HTTPS protocol) of the web-server to pass thru. The port number can be different if customized in the web-server configuration file; for example, they are respectively 5180 and 5181 if you install the Apache server with ‘webToolsAPX’.

 

Sample rule for a firewall based on ‘iptables’

 

iptable –A FORWARD –p tcp –-sync    /

           –s 192.168.10.0/24       /         # The user-PC’s

           -d webapx –dport 80 –j ACCEPT      # The web-server

webAPX user API

A user module can be activated to record the connexions to webAPX.
Currently the user API records in a daily file each connexion (user identification and time) in a CSV format ready for import in Excel or a similar program.

To activate the user module the system administrator must rename the module ‘php/userAPI_98.php’ to ‘php/userAPI_01.php’

The user module can be customized for your site and will not be overwritten during the next upgrade process.

webAPX parameter files description

In the following paragraph we present some configuration files or members of interest for the user or the administrator of webAPX.

All parameter files are stored in the installation directory of webAPX.

Sample of ‘system/system.xml’

This file called the ‘System Configuration File of webAPX’ is stored in the installation directory of webAPX on the web-server.
The System Configuration File contains every site specific parameters.

This file will not be overwritten during an upgrade of the product. This is the place where your own parameters are stored. It will be automatically expanded with the new options during an upgrade.

The comments enclosed in the file explain the contents and the utilization of these parameters. Additionally the FAQS document offers a lot of information on the System Configuration File.

This file can be edited with any text editor i.e. WordPad or ‘vi’ but must remain XML-conform. The validity of the System Configuration File syntax can be checked when you open it with your browser. Any syntax error will be automatically shown.

The activation of the changed parameters applies after a new login into webAPX.

Style Sheets files
‘css/siteScreen.css’,
‘css/sitePrint.css’,
‘css/userScreen_<username>.css’ and ‘css/userPrint_<username>.css’

These files, stored in the installation directory of webAPX on the web-server, contain the user specific Cascading Style Sheets (CSS) for the browser and for print purposes.

webAPX makes use of the CSS3 version therefore we recommend you to use an actual version of your favorite browser.

The CSS-files above will not be overwritten during an upgrade of the product. These are the places where your own presentation parameters should be stored.

The changes done in the CSS file ‘css/siteScreen.css’ apply to the entire site. The changes done in the file ‘css/userScreen_<username>.css’ apply to a specific user. There is no restriction to the number of user CSS files defined in the system.

The files ‘css/siteScreen.css’, ‘css/sitePrint.css’, ‘css/userScreen_sample.css’ and ‘css/userPrint_sample.css’ are created during the initial installation of webAPX and never changed thereafter.

The elements you can customize in the site and user style sheets can be found in the standard CSS definition file called: ‘css/webapxScreen.css’.

Please note that we offer no free support for changing these parameters, you can do it but at your own risk and cost.

The comments contained in the standard CSS definition file explain the structure of the pages generated by webAPX.

Every valid CSS definition can be given and will be sent as it is to the browser.

These files can be edited with any text editor i.e. WordPad or ‘vi’.

The activation of the changed definitions applies after a reload of the current web page, generally with ‘F5’.

 

Last update: 01 March 2020