Close 1s forcibly. Easy ways to disconnect users

The need to force user shutdown occurs mainly in the following cases:

• Updating the information base;
• Adding a new metadata object to the configuration;
• Carrying out preventive and repair work on the server;
• A hung user session preventing the application from restarting.

In this article, we will try to tell you how to end a user session, what tools for performing this task are in the administrator's arsenal, what completion options are provided by the file, and which are the client-server version of 1C operation.

It is important to remember that data loss may occur if the session is forcibly terminated. So in order to avoid unpleasant situations, it is advisable to warn users in advance about the disconnection.

Closing sessions from the configurator

When changes are made to the database structure, dynamic configuration updates are not available. And an information window appears on the screen (Fig. 1).

The sequence of actions in this case is obvious:

1. It is necessary to press the button "End sessions and repeat";
2. Wait for the database restructuring window;
3. Click "OK".

It should be noted that changes made to the program code do not require users to shut down; however, without restarting the application on each specific computer, they will not work on this device.

Ending sessions directly from the program

Most of the standard products of the company 1C of the eighth version have in their set a mechanism that allows you to remotely shut down the user without much difficulty and provide the administrator with exclusive access to the database. This is the "Blocking infobase connections" processing.

You can find it at one of two addresses:

1. In one of the submenus of the "Service" section;
2. Going to the section Operations-> Processing.

Fig. 2

The appearance of the processing is shown in Fig. 2.

Features of this processing:

1. Checking and unchecking the checkbox, and clicking the "Record" button enables and disables blocking users, deleting sessions and preventing the creation of new connections;
2. The blocking end time cannot be empty or less than its start time;
3. In the case when the "Permission code" parameter is set, it can be written in the startup line, to ignore the blocking, by specifying "/ UC" before the code;
4. If you do not specify the "Permission code", then before the expiration of the blocking period it will be problematic to get into the database (in the file mode of operation, you can try to delete the 1CVcdn file from the database folder);
5. If, instead of the parameter "/ UС" and the password separated by a space, you specify "/ CAllowWorkUsers", where C is Latin, you can completely disable blocking for all users;
6. Pressing the "Active users" button brings up a window with a complete list of users (Fig. 3), from where you can open the "Registration log" or end the session of each specific user.

Fig. 3

The above two options work fine in both file and client-server modes. Further we will consider cases typical only for server work.

Removing users from rdp

It is important to remember that disconnecting user sessions from servers is possible only if you have certain rights to this action.

When working from a remote desktop, you can end user sessions using the standard task manager. Simple interruption of sessions is a bit wrong, but quite effective way.

The second option is to use the task manager - a remote connection with the ability to control each specific session and exit the program according to all the rules. This method is long, and no one guarantees that while one user is logging out, the program will not be launched by some other employee.

Removing users via the server console

Having administrator rights for a 1C server cluster, you must:

Very often, when working in server mode, hung user sessions are not visible by means of the platform; they can only be deleted through the console.

The most radical way to interrupt sessions

A situation when the above methods did not work happens extremely rarely. But if it occurs, there is another radical way to interrupt connections to the database: physically restarting the server.

Of course, users who do not have time to finish their work and save the data will be extremely outraged by such a shameless attitude, but it is fast and extremely effective.

Implemented in version 8.3.8.1652.

Previously, users accustomed to working with web applications experienced a certain inconvenience of not seeing the user's shutdown command. They are accustomed to the fact that there is usually such a team, and it is in a prominent place. And to shut down the web application, you need not just close the browser window, but execute this command. Which, among other things, will complete the authorization session. So that the next time you launch the application, you cannot enter it "just like that", but only after entering your username and password.

In 1C: Enterprise and team Exit, and the command Shut down user ...(when using OpenID authentication) exist, but are located in the menu File, which many users don't know about.

To make the user experience more familiar, we've added a shutdown command to the app title bar, next to the button About the program... It is displayed as a hyperlink with the name of the current user.

This command, with basic authentication, exits the client application. And with OpenID authentication, it exits the user (OpenID logout) and also exits the application.

When publishing an infobase on a web server, you can specify the URL that will be followed after the web client has finished working with this command. For example, to return to the main page of the service provider if the user was working with the application in the service model.

When backing up infobases, users must stop working with the infobase.

"End the work of 1C: Enterprise users"
Set the flag if you need to shutdown users with the database before archiving.

Possible user shutdown options:

• "End sessions on the 1C: Enterprise server"

Option to disconnect users by forcibly disconnecting sessions on the 1C: Enterprise server. Available only for 1C: Enterprise client-server databases.

Important: do not confuse this user with the 1C: Enterprise database user and the "central server administrator" user.

In the 1C: Enterprise server console, cluster administrators are located in the following path: "Console Root" - "1C: Enterprise 8.3 Central Servers" - "(*) Computer name" - "Clusters" - "Local cluster" - "Administrators".

"Cluster Administrator Name:"
The username is "cluster administrator".

"Cluster administrator password:"
The password for the "cluster administrator" user.

"A non-standard server agent port is being used"
Set this flag if the port of connection to the "Agent" of the server is different from the standard one.

"Port:"
Port of connection to the agent of the 1C: Enterprise server. The default is 1540.

To determine the port of the server agent, go to Server 1C by right-clicking on the computer name from the drop-down menu, select "Properties" - "Parameters of the central server 1C: Enterprise" - "IP port:".

• "Force users to shutdown"

Option to disconnect users by calling the user shutdown mechanism built into typical configurations. This mechanism is based on the "Blocking the establishment of infobase connections" procedure.

The execution algorithm is as follows:

• Start shutting down users.
• Start task execution (archiving, testing and patching, etc.).
• Start user work permissions.

"Moment:"
The moment the users shut down.

• "Finish work before completing the task"... Before each task execution, the user shutdown procedure will be launched.
• "Exit only if you need to update the configuration"... If the task is configured to perform exchange for the peripheral base and the changed configuration is received from the central site, the user shutdown procedure will start. Otherwise, the completion mechanism will not work.

Administration and control of 1C 8.3 users is an integral part of the implementation and support of any 1C software product. In fact, this is not a difficult task, and, I am sure, anyone can handle it without any problems. Let's consider the process of administering 1C users in more detail.

User management in 1C is a fairly simple and intuitive process, but it still needs a description.

Conditional administration and control includes:

• user creation;
• setting user rights;
• viewing active users;
• analysis of user actions.

Let's consider each of these points in more detail:

Creation and installation of user rights 1C 8.2

Depending on the configuration, users are entered either in the configurator or in user mode. Almost all modern configurations support user input in 1C: Enterprise 8. Also, in 1C: Enterprise, as a rule, additional user parameters are entered.

However, regardless of the configuration, the first user with administrative rights is always entered in configurator mode. Therefore, we will cover both modes of user input.

Entering users in the Configurator

To enter the 1C Configurator mode, select the Configurator option in the base selection list:

After logging in, select the Administration - Users items in the menu. A list of users will open, if you create the first user, it will be empty. Add a new user "Administrator":

On this page, you must specify the user settings:

• Name and Full name- user name.
• If the flag is set Authentication 1C: Enterprise, then items will become available Password(the password that is used to enter 1C), User is prohibited from changing password(makes it possible for the user to change the password in user mode), Show in picklist(makes available the selection of a user in the list, otherwise the username must be entered manually).
• Operating system authentication - flag responsible for the ability to authorize using the operating system username. User- username of the information system (for example, \\ dom \ kirill, where dom is the network domain, and kirill is the OS username). At startup, 1C first checks the authorization through the OS, and then the 1C 8.2 authorization.
• OpenID Authentication- enabling authorization using OpenID technology ... OpenID is an open, decentralized system that allows a user to use a single account to authenticate on multiple unrelated sites, portals, blogs and forums.

Get 267 1C video tutorials for free:

In the tab Other you need to specify the appropriate roles for the user (). In our case, we will indicate for the administrator Full rights... For other users, the required roles can be flagged here. User rights are summarized from the available objects of different roles. Those. if a user has two roles selected, one has access to the Nomenclature catalog, and the second does not have access. For any user without "Full rights" the "User" role must be installed(if present).

Also on this tab you can specify Main interface(only works for regular forms). Default language- if the configuration is developed in several languages. Launch mode- a managed or regular application.

Creating a user in 1C Accounting 2.0

After a user with full rights is registered in the system, users can be entered in 1C: Enterprise mode. For example, let's create a user in the most common configuration - Enterprise Accounting 8.2.

To do this, select the item in the menu Service - User and Access Management... The "Users" directory will open. Create a new user:

Fill in the information about the user and his main ones, click the "OK" button: the system will offer to automatically create a database user:

You must agree, the new database user form will be displayed:

That's all! The creation of the user and the assignment of rights to him is now complete.

Viewing active users in the 1C database

To view users working in the database in 1C: Enterprise mode, select the item Service - Active users... A list of users working in the database will open:

How to disable users in 1C 8.3 and 8.2

There are two ways to disable an active user in the 1C database:

• in the program interface (for configurations 1C Accounting 3.0, Trade Management 11, etc.);
• via the server cluster console (available only in the client-server mode of operation).

From the interface

In user mode, you can throw out a hung user by going to the "Administration" - "Support and maintenance" menu, then selecting the "Active users" item:

Select the desired user in the list and click the "Finish" button.

From the cluster console

If you have access to the administrative panel of the 1C server, you can end the session using it. We go to the console, find the hung user in the Sessions menu, call the context menu and click Delete:

User control 1C 8.3

To view the history of user work, go to the menu in the item Service - :

Software products based on the 1C platform have many functions, both specialized and applied, that is, administrative. The core functionality (of course, depending on the purpose of the solution) concerns such areas as the purchase of goods, their sale, warehouse, operational and management accounting, accounting, CRM, and in the case of complex solutions, all together.

Naturally, one employee is not able to control all business processes of an organization, even if they are automated. Therefore, administrators of 1C systems have to deal with dozens and hundreds of users working with certain system functionality. Each of them has to set up special rights so that they have at the same time everything and only the documents, functions and reports they need. And here we begin to consider the applied or administrative functionality of 1C solutions, which just includes setting up user access rights.

User settings 1C 8.3

Special objects of the configuration structure - "Roles", are responsible for user rights in 1C 8.3. Most typical configurations already have a specific list of predefined roles created. You can use them when creating accounts and setting access rights for them. If the standard set does not suit you, then you can change it or add your own roles.

Each user can be assigned several roles that are responsible for specific rights. In order to configure the rights of 1C users, you need to find out what roles they have now. This information can be obtained in two ways:

• Through the configurator. This option is suitable for any configuration;
• In some configurations, through the "Enterprise" mode.

Run the configurator of your 1C database under a username with full rights and open the "Administration" -> "Users" menu. To find out the rights of a particular user, you need to double-click on the line with his last name and go to the "Other" tab. The checkbox will mark those roles that are available to the user. To add or remove a specific role, change the flags and click OK.

If after the analysis you understand that the standard roles cannot fully satisfy the requirements for the differentiation of rights, then you need to change them. To do this, find the required role in the configuration tree and double-click it to open it. On the left side of the window that opens, you will see a list of all configuration objects. In the right part, the checkboxes mark those actions, the rights to which are assigned in this role, in relation to the selected object on the left.

You can not only give and remove permissions for certain actions with configuration objects by checking and unchecking the checkboxes. In addition, a very convenient mechanism is built into the 1C platform, which is responsible for restricting user rights at the record level - RLS. It allows you to set a condition, only upon fulfillment of which the user will see the infobase data. Using RLS, user rights in 1C 8.3 can be configured so that, for example, each specific storekeeper will see information only for his warehouse.

Another way to add rights to an object to a user without changing the standard roles is to create a new role. To do this, click on the "Add" button while in the "Roles" configuration branch and name the new object. In the window that opens, on the left, find the required configuration objects, and on the right, set the required rights and restrictions. After saving the new role, you need to update the configuration, go to the list of users and add the new role to specific users.

The responsibility of the administrator of the 1C infobase is not limited to the creation of users and the distribution of rights. Employees can change, responsibilities can be redistributed, and administrators must react quickly to all these changes. If an employee who performed certain functions in 1C resigned, then it is necessary to disable the 1C user so that former colleagues do not use the account. The list of users, which can be opened in the configurator in the "Administration" menu, will help us with this.

Having opened the 1C user settings, you need to remove the checkboxes responsible for finding the employee's name in the selection list and authentication. Thus, you prohibit logging in under the last name of the departed employee and save the access rights settings in case the employee returns. Also, these settings will come in handy if all powers are transferred to a new employee - you do not have to re-configure the roles.

It is also not recommended to completely delete a user due to the fact that the system contains links to the responsible user in various documents. If you delete an entry, there will be broken links and misunderstandings about who created specific documents, which can lead to confusion. It is much more effective to disable the 1C user from entering the system, and in some cases to completely remove the rights (roles). Also in some companies there is a practice to mark inactive users with a specific icon in the "Name" field, for example: "* IvanovaTP".

In some cases, the 1C administrator may need to urgently "throw out" users from the 1C database. This can be done in two ways:

1. Through the "Enterprise" mode from a user with administrative rights. Not supported by all configurations;
2. Through the application server using the 1C server cluster console.

To use the first option, you need to go to "NSI and Administration", open "Service" and run the "Active users" form. We will see a list of active users and on top of the "End" button, clicking on which will forcefully end user sessions. In addition, in this list you can see the name of the computer and the start time, which will help track hung sessions.

The second option for disabling active users requires more attention and responsibility, since most often the cluster console is placed on the application server. If you have access to this server control panel, then you can end the user session in the following way:

1. Open the cluster console;
2. We go to the list of infobases and open the sessions we need;
3. Find the required user in the list;
4. We call the context menu by pressing the right mouse button, there will be a function - "Delete".

In the 1C platform, developers have a convenient mechanism for setting rights and managing users. Therefore, the described capabilities are available to the owners of all configurations, even those written on their own. Another advantage is the lack of demand for deep knowledge of the 1C system. Any responsible and attentive administrator is able to cope with these operations.