1. Disabling users in the file version of 1C 8.
To disconnect users in the file version I created a *.bat file with one line
net session /delete /y
It disables all open shared files on the computer on which the database is located.
Next, I created a task (Windows Task Scheduler) that would run this file at the appointed time.
You may ask, what about those sessions that are open on the computer? I also eliminated them by creating a new *.bat file with the line
taskkill /IM 1cv8.exe /f
True, it disables all running 1C on the current computer, but for me it was not so scary since the archiving was done at night and no one was working in the database, this batch file can also be added to the Windows Scheduler.
2. Disabling users in the client-server database.
The same as in the case file database I used *.bat files.
Created two *. bat file, the first one disables the 1C Enterprise server, the second one turns it on very simply.
net stop "1C:Enterprise 8.2 Server Agent"
net start "1C:Enterprise 8.2 Server Agent"
Added two new tasks to the Windows scheduler, with a time difference of 15 minutes so that all frozen users can disconnect, these actions are similar to Starting the 1C Enterprise server and Stopping the 1C Enterprise server
3. Software method disconnecting users in 1C
The task was to perform archiving daily at 22:30.
In this method, I didn’t bother, I created a new role “NeClose1C”.
Created a new procedure in a regular application module:
Procedure ShutdownUsers() Export If NOT RoleAvailable("Do Not Close 1C") Then If Hour(mop_PerformingOperationsOnServer.CurrentDateOnServer()) >= 22 Then // get the time on the server StopSystemOperation(False); endIf; endIf; End of Procedure
If NOT RoleAvailable("Do Not Close 1C") Then If Hour(mop_PerformingOperationsOnServer.CurrentDateOnServer()) >= 22 Then // get the time on the server StopSystemOperation(False); endIf; endIf;
ConnectWaitHandler("ShutdownUsers", "600");
The current date function on the server looks like this:
Function CurrentDateOnServer() Export
Return CurrentDate();
EndFunction
This way we get the date on the server if in the properties common module The "Server" checkbox is checked, I only checked it.
It turns out that the current code cuts off users for two hours, but usually after midnight no one logs into the database.
If this article helped someone, I will be very happy.
Hello Dmitry! Please teach me how to force users out of the database in order to update the configuration. Thanks in advance.
From the user: Svetlana Nikolaevna
Hello, Svetlana Nikolaevna!
In order to kick users out of the database, you must have administrator rights.
Go to the section Administration, Support and Maintenance:
Choose Blocking users:
From the form, click the button to view a list of active users.
We fill out the message that users will see on their screens, set the blocking interval (if you don’t know the end time, leave the field empty). Install also unlock code, because the blocking will also affect your active session, for example, install 1234 .
Click Set blocking. A warning message appears:
We agree. Now the form says in red that the blocking will begin soon.
At this time, active users will see the following window:
Closer to the beginning of the blocking, it begins to appear every minute:
The user needs to complete his work in the program and exit. If it does not exit on its own, the program will close automatically. When trying to log into the database, the user will receive the following warning:
The user who has set the block also receives a message:
Let's leave the base.
Because the blocking applies to all sessions of all users, we will need to set the launch parameter (this is where we need Unlock code):
On the second tab we specify the database launch parameter (where 1234 is our code):
Click ready. Now we can enter both the configurator and the user mode.
To unblock the database, you need to return to the blocking form and click Unlock.
If the blocking end date has been set, then when it occurs, the blocking will stop automatically.
Administration and control of 1C 8.3 users is an integral part of the implementation and support of any 1C software product. In fact, this is not a difficult task, and I am sure that anyone can cope with it without any problems. Let's take a closer look at the process of administering 1C users.
Managing users in 1C is a fairly simple and intuitive process, but still needs description.
Conventionally, administration and control includes:
- creating a user;
- setting user rights;
- view active users;
- analysis of user actions.
Let's look at each of these points in more detail:
Creating and installing user rights 1C 8.2
Depending on the configuration, users are entered either in the configurator or in user mode. Almost all modern configurations support user input in 1C: Enterprise 8 mode. Also in 1C: Enterprise mode, as a rule, additional user parameters are entered.
However, regardless of the configuration, the first user with administrative rights always entered in configurator mode. Therefore, we will consider both user input modes.
Entering users in the Configurator
To enter the 1C Configurator mode, you must select the Configurator option in the database selection list:
After logging in, you need to select Administration - Users in the menu. A list of users will open; if you create the first user, it will be empty. Let's add a new user "Administrator":
On this page you must specify user settings:
- Name And Full name— user name.
- If the flag is set Authentication 1C: Enterprises, then the items will become available Password(password used to log into 1C), The user is prohibited from changing the password(does affordable opportunity changing the user's password in user mode), Show in selection list(makes it possible to select a user from the list, otherwise the user name must be entered manually).
- Authentication operating system — flag responsible for the ability to authorize using the operating system username. User- Username information system(for example, \\dom\kirill, where dom is the network domain and kirill is the OS username). When 1C starts, it first checks authorization through the OS, and then 1C 8.2 authorization.
- OpenID authentication— enabling authorization using OpenID technology . OpenID is an open, decentralized system that allows the user to use a single account to authenticate across multiple unrelated sites, portals, blogs and forums.
Get 267 video lessons on 1C for free:
On the tab Other you need to specify the appropriate roles for user(). In our case, we will specify for the administrator Full rights. For other users, you can check the required roles here. User rights are summarized from the available objects of different roles. Those. if the user has two roles selected, one has access to the “Nomenclature” directory, and the second role does not, there will be access. For any user without "Full rights" The role “User” must be set(if present).
You can also specify on this tab Main interface(only works for regular forms). Default language— if the configuration is developed in several languages. Startup mode- managed or regular application.
Creating a user in 1C Accounting 2.0
After a user with full rights is registered in the system, users can be entered in 1C: Enterprise mode. For example, let's create a user in the most common configuration - Enterprise Accounting 8.2.
To do this, select the item in the menu Service - User and access management. The “Users” directory will open. Create a new user:
Enter information about the user and his basics, click the “OK” button: the system will offer to automatically create a database user:
You must agree and the new database user form will be displayed:
That's all! The creation of the user and assignment of rights to him is completed.
Viewing active users in the 1C database
To view users working in the database in 1C: Enterprise mode, you must select the item Service - Active Users. A list of users working in the database will open:
How to disconnect users in 1C 8.3 and 8.2
There are two ways to disable an active user in the 1C database:
- in the program interface (for configurations 1C Accounting 3.0, Trade Management 11, etc.);
- via the server cluster console (available only in client-server mode).
From the interface
In user mode, you can kick out a frozen user by going to the “Administration” - “Support and Maintenance” menu, then selecting “Active Users”:
Select from the list the desired user and click the “Finish” button.
From the cluster console
If you have access to the administrative panel of the 1C server, you can end the session using it. We go to the console, find the frozen user in the “Sessions” menu, call context menu and click “Delete”:
Monitoring the work of users 1C 8.3
To view the history of user work, you need to go to the menu item Service - :
Software products based on the 1C platform, they have many functions, both specialized and applied, that is, administrative. The core functionality (of course, depending on the purpose of the solution) concerns such areas as the purchase of goods, their sale, warehouse, operational and management accounting, accounting, CRM, and in the case of complex solutions - all together.
Naturally, one employee is not able to control all the business processes of an organization, even if they are automated. Therefore, 1C system administrators have to deal with tens and hundreds of users working with certain system functionality. Each of them has to set up special rights so that they have at their disposal all and only the documents, functions and reports they need at the same time. And here we begin to consider the applied or administrative functionality of 1C solutions, which specifically includes setting up user access rights.
User settings 1C 8.3
Responsible for user rights in 1C 8.3 special objects configuration structure – “Roles”. Most typical configurations already have a certain list of standard roles created. You can use them when creating accounts and setting access rights for them. If the standard set does not suit you, then you can change it or add your own roles.
Each user can be assigned several roles that are responsible for specific rights. In order to configure 1C user rights, you need to find out what roles they currently have. This information can be obtained in two ways:
- Through the configurator. This option suitable for any configuration;
- In some configurations through the "Enterprise" mode.
Launch your 1C database configurator under a user name with full rights and open the “Administration” -> “Users” menu. To find out the rights of a specific user, you need to double-click on the line with his last name and go to the “Other” tab. The roles that are available to the user will be checked. To add or remove a specific role, change the checkboxes and click OK.
If, after analysis, you realize that standard roles cannot fully satisfy the requirements for the delimitation of rights, then you need to change them. To do this, find the required role in the configuration tree and open it double click. On the left side of the window that opens, you will see a list of all configuration objects. On the right side, checkboxes indicate those actions, the rights to which are assigned to this role, in relation to the selected object on the left.
You can not only give and remove permissions for certain actions with configuration objects by checking and unchecking the boxes. In addition, the 1C platform has a very convenient mechanism built into it that is responsible for limiting user rights at the record level - RLS. It allows you to set a condition, only when fulfilled the user will see infobase data. Using RLS, user rights in 1C 8.3 can be configured so that, for example, each specific warehouseman will see information only for his warehouse.
Another way to add rights to an object to a user without changing standard roles is to create a new role. To do this, click on the “Add” button while in the “Roles” configuration branch and name new object. In the window that opens, find the required configuration objects on the left, and install on the right necessary rights and restrictions. After saving the new role, you need to update the configuration, go to the list of users and add a new role to certain users.
The responsibility of the 1C information base administrator is not limited to creating users and assigning rights. Employees may change, responsibilities may be redistributed, and administrators must respond quickly to all these changes. If an employee who performed certain functions in 1C quits, then it is necessary to disable the 1C user so that former colleagues do not use account. The list of users, which can be opened in the configurator in the “Administration” menu, will help us with this.
Having opened the 1C user settings, you need to uncheck the boxes responsible for finding the employee’s name in the selection list and authentication. This way, you will prohibit logging in under the last name of the departed employee and save the access rights settings in case the employee returns. These settings will also be useful if all powers are transferred to a new employee - you will not have to configure the roles again.
It is also not recommended to completely delete a user because the system contains links to the responsible user in various documents. If you delete an entry, there will be broken links and confusion about who created specific documents, which can lead to confusion. It is much more effective to disable the 1C user from logging into the system, and in some cases completely remove rights (roles). Also, some companies have the practice of marking inactive users with a certain icon in the “Name” field, for example: “*IvanovaTP”.
In some cases, the 1C administrator may urgently need to “throw out” users from the 1C database. This can be done in two ways:
- Through "Enterprise" mode from a user with administrative rights. Not supported by all configurations;
- Through the application server using the console of a 1C server cluster.
To use the first option, you need to go to “NSI and Administration”, open “Maintenance” and launch the “Active Users” form. We will see a list of active users and a “End” button at the top, clicking on which will forcefully terminate user sessions. In addition, in this list you can see the computer name and start time, which will help track down frozen sessions.
The second option for disabling active users requires more attention and responsibility, since most often the cluster console is hosted on the application server. If you have access to this server control panel, you can end the user session as follows:
- Open the cluster console;
- Let's go to the list information bases and open sessions for the one we need;
- Find the required user in the list;
- Call the context menu by pressing right button mouse, there will be a function - “Delete”.
In the 1C platform, developers have included a convenient mechanism for setting up rights and managing users. Therefore, the described capabilities are available to owners of all configurations, even those written independently. Another advantage is that it does not require deep knowledge of the 1C system. Any responsible and attentive administrator is able to cope with these operations.
— Vasya, starting from today you are creating users!
- But I’m a programmer, not a system administrator?!
— System administrators don’t know 1C, so you will create users!
- Aaaah!!!
A programmer is a person who writes programs for a computer. However, managing the list of users in 1C is usually entrusted to someone associated with 1C, namely a 1C programmer.
In principle, some programmers are not against it, since it gives them some “privileges”.
Nevertheless, the list of users in 1C differs little from the lists of users in other programs. Therefore, creating a new user or disabling an existing one is as easy as shelling pears.
1C users
So, 1C has its own list of users. It is used to regulate access to the 1C database. When entering the database, 1C will ask you to select a user from this list and enter a password.
There are options in which 1C does not ask for a username to log in. However, this doesn’t mean anything at all . It’s just that in this case, the user from the list is mapped to a Windows/domain user and is detected automatically. How
The only option when 1C does not really prompt the user is when creating a new (empty) database. In this case, the list of 1C users is empty. Until the first user is added, 1C will log in automatically. A similar system is used in Windows when there is one user without a password.
1C users differ from each other:
- Access rights
- Interface (presence of items in the menu).
There is no “superuser” or “administrator group” as such. An administrator is a user who has all configuration rights and administration rights enabled. In an empty database (when the list of users is still empty), this particular user should be added first.
Two lists of 1C users
In fact, 1C has two lists of users. One of them (the list of 1C users) is “real” from the programmer’s point of view. It's in the configurator. It is by this that 1C identifies the user.
This is the approach of old standard configurations (for example, trade management 10, accounting 1.6, etc.) - users are edited in this list, and are automatically included in the user directory upon first login.
The second (users of version 1C 8.2, “not real”) is the users directory (and the external users directory, as in UT 11). The directory existed before, but the approach of the new standard configurations is that users are added to it, and are automatically included in the “real” list.
The main problem with this approach is that those who don’t like working this way and want to do it the old way can’t do it, because when you create it, certain fields are filled in, and if you add a user to the list, they won’t be picked up automatically in the directory.
How to add a user to the list of 1C users
So, the list of 1C users is in the configurator. and open the Administration/Users menu.
To add a user, you must press the add button (or Ins from the keyboard). If the list is now empty, then the first user must have administrative rights (see below).
- Name – user name (which he will choose when logging into 1C)
- Full name - reference full name, does not appear anywhere
- Password
- Show in selection list
o if the checkbox is checked, the user will be in the selection list when logging into 1C
o if the checkbox is not checked, then the user will not be in the selection list (that is, you cannot select), but you can enter his name from the keyboard and log in - Operating system authentication – can be associated with a Windows/domain user and this user will not need to enter a password (will log in automatically).
On the Other tab, you select rights and basic user settings.
- The main interface is a menu that will be available to the user (used only in the thick client)
- Russian language
- [Main] Launch mode - thick or thin client, using this parameter you can enter the configuration of the thin client - thick and vice versa
- Available roles (user rights).
User rights in configurations are usually divided into blocks (“roles”). In the approach of the old configurations, they were broken down by user position (cashier, manager, etc.). This approach has a disadvantage - since in different organizations the cashier and the manager may have different functions.
Therefore, in the approach of the new configurations, they are broken down by action (access to the end of the month, access to cash transactions). That is, for each user a set of operations is set.
In both cases there are basic access rights to enter the program. In the old approach it's:
- User
- Full Rights (for administrator).
In the new approach it is:
- Basic Rights
- BasicRightsUT
- LaunchThinClient – plus LaunchXxxClient for launching others
- SubsystemХхх – a check mark for each subsystem (tab in the interface) that the user needs
- Full Rights (for the administrator, not Administration!).
PS. For external users, basic rights are not required.
How to add a 1C user - 1C 8.2 users
The list of 1C 8.2 users in the new version is located in 1C (in 1C Enterprise mode), in the Users and External Users directories (only if supported by the configuration). The difference is that you must create users not in the configurator, but in this directory, and they will get into the configurator automatically.
If you are using a thin client, then see the Administration desktop tab. Otherwise, open the Users directory, for example, through the Operations menu.
Click the Add button (or Ins from your keyboard). To be able to manage the list of users, you must have Full Rights enabled.
Unlike the first approach, here you do not directly indicate each right (role) to the user, but indicate groups of rights (user groups).
The User Groups directory contains a profile that defines a set of rights (roles). In the User Group Profiles directory, you can change or add such sets of rights (roles).
1C user settings
In some configurations (especially in the old approach configurations) it is not enough to create a user. Additionally required:
- Log in as a user for the first time
- After that, find the user in the user directory
- In the directory form, click (options “or”)
o Menu Go/User Settings
o Menu Additional Information/User Settings and Advanced User Rights
o In some configurations this is a sign directly on the user form
o In some configurations, the global menu of the program Tools/User Settings - Configure additional settings/user rights that determine auto-filling of fields and some accesses.
How to disconnect a 1C user
[Temporary] user disconnection is not provided in most configurations. Here are variations that can be used to achieve this result.
Configurations of the old approach (via the configurator):
- Delete user
- Change password
- Remove the User role (will not be able to log in).
New Approach Configurations (via Enterprise):
- Uncheck Access to information. database allowed
- Change password
- Remove from all access groups.
Active 1C users
1C allows you to find out the list of users who are currently in the database.
To do this, in Enterprise mode, select the Tools/Active Users menu (thick client, administrative interface). In the thin client - Administration tab, Active users on the left (may be in See also).
In Configurator mode, select the Administration/Active Users menu.
Disabling 1C users
As you know, in order to update the database (configuration) it is necessary that all users log out of 1C (not in all cases, but often required).
Users don’t like to leave (this is a fact). And if you ask them over the phone, they will definitely log in again within 30 seconds. When there are 200 users, it becomes a very fun event.
Therefore, there are three ways to disconnect users from 1C:
Loading...
