Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Uffe

Pages: 1 2 [3] 4 5 ... 76
Automation Interface, Add-Ins and Tools / Re: WebEA user authentication
« on: February 27, 2018, 12:00:10 am »
Here is Support:
Re: Reference Number: 17127682 : WebEA: 400 Request does not contain User ID

Unfortunately there is not currently any workaround to login to a security enabled model in WebEA without entering an ID/Password. Currently you will need to use login_prompt = "true" and enter credentials to log in.

Please also note, WebEA does not support automatic login using Windows Authentication. When functioning as intended, the only way to login (to a Security enabled model) in WebEA without a User/Password prompt is to use...

From this it seems that Active Directory Security MUST be switched off....

Well, not quite I think. It doesn't say that Windows authentication must be disabled in order to allow WebEA users access to a project, only that WebEA can't utilize Windows authentication. The way I read it, it should still be possible for regular EA users to use Windows authentication.

Thinking further, you could always set up the WebEA site to allow access only to members of certain AD groups. That's just a web server config. However, this would only ensure that the WebEA site is restricted to authenticated users: the WebEA service would still be wide open to anyone who can guess a password.

Possibly the service could be secured by a firewall rule requiring an authenticated connection, listing the permitted AD groups in the rule.

If that works, the problem of restricting access to properly authenticated users can be solved. But WebEA users would still need to identify themselves with user ID / password upon connecting.

Assuming I'm reading Sparx' response to you correctly, that only leaves the question of whether users connecting using the EA client and Windows authentication can coexist with users connecting via WebEA and user ID / password. Ie, two authentication schemes in one project.

And it imposes the restriction that users must be placed in one or the other group. They can't connect with the EA client one day and WebEA the next. (Unless the password hash that's stored in the project can be reversed. What the hell is that thing, anyway?)

It really would help if Sparx could provide some feedback on this. There are just too many ifs and buts and ginormous gaps in the documentation.


Automation Interface, Add-Ins and Tools / WebEA user authentication
« on: February 17, 2018, 12:05:54 am »
Hi all,

I'm evaluating WebEA for a client. According to the WebEA Login help page, in addition to some "access code" I cannot see any point of, WebEA supports "standard Enterprise Architect model security." However, the page then states that login credentials can include
  • An access code, or
  • A user ID and password, or
  • Possibly all three
Ignoring the fact that "all three" makes no sense since you can't provide just a password with no user ID, what about Windows domain authentication? It's part of standard EA model security, but it's not in the list.

Can you authenticate WebEA users against a domain, or not?

What happens if you configure a project for windows authentication, and configure WebEA to prompt user ID and password?
Should users provide a blank password?
Is the password ignored?
Or will users be unable to log in?

What happens if you configure a project for windows authentication, and configure WebEA to prompt for an access code, or no authentication at all?
Are users correctly identified in the project (in Author fields etc)?


Automation Interface, Add-Ins and Tools / Re: Script creation issue
« on: February 15, 2018, 07:12:21 pm »
Admin is really just another user account: it does not bypass the permissions check, it just gets all permissions when it is created (ie when you enable user security). However, the Edit Script and Run Script permissions were added in 13.0, and accounts in projects which have been created with an earlier version are not automatically granted new permissions.


Automation Interface, Add-Ins and Tools / Re: Script creation issue
« on: February 15, 2018, 01:22:25 am »

All EA functionality is the same regardless of the type of repository you're using so that's not it.
It sounds more like you're missing security permission Edit Scripts in that project. Whereas a new project doesn't have security enabled, and thus all functionality is available.



t_connector is the table in the EA database. In the API, it essentially corresponds to the Connector class. But for what you're after, I don't think you need to bother querying the database.

The "link to element feature" is not core UML, so it's not reflected in any of the regular Connector properties. Instead, you have to decode StyleEx (I don't think you need to query the database to retrieve this, there's a .StyleEx property in the API).

As for decoding it, that's a little complicated, but not too hard. Have a search through the forum -- it's been discussed many times before.


General Board / Security permission missing from user guide
« on: February 10, 2018, 02:50:52 am »
Hi all,

The recently added security permission Configure Project Requisites is not listed on either the 13.0 permission list or the 13.5 permission list pages.


How do I install a MDG in user mode??
In the Import MDG Dialog there will be two options
  • Import to Model
  • Import to User
My recommendation is always to do neither of these. Importing an MDG Technology to a project means it only works there, not in a side project you might want to create. Importing to a user means it only works for that user, not for other users who might be collaborating on the same project.

Instead, deploy MDG Technologies to a shared folder and instruct all users to add that path to their configuration. If you redistribute the software internally, which larger organizations tend to do, you can set this up in the distribution package.

And how do I restrict other user to make my mistake again, ie make repository model have requirement of unnecessary MDG:s
In addition to what the others have said about not testing stuff in a production environment, it's good practice to establish which MDG Technologies SHALL / MAY / SHALL NOT be used in each project. But there's no functionality to enforce such rules.


It would probably be a good idea to offer one of them (Cxx or Java for example) as a downloadable sample where people can start from.
I don't know about "good" -- those are pretty big languages. The small samples that come with the EA installation are better I think, since they're easier to wrap your head around.


General Board / Re: Predefined Tagged Values for Requirements
« on: February 05, 2018, 08:30:08 pm »

Well I'm with the others on this one. EA consultants, unite! :)

A lighter-weight approach is to create just a profile and import that back into the project (an MDG Technology contains profiles, as well as diagram types with customized toolboxes, document templates, etc). However, this isn't much help since it's the profile that's the hurdle really -- creating a simple MDG Technology with just one profile in it is very easy even the first time out, but building the profile takes a little more effort.

As Geert pointed out, that effort has been reduced since 2012, although it still isn't zero. In EA, profiles are modelled according to a specific set of rules, then exported as XML (NB: not regular XMI, there's a specific "save as profile" function). This takes a little getting used to, but for a simple profile with just a couple of tagged values to requirements, it's less than a day's job once you get up to speed.



General Board / Re: Does EA 10 support SQL Server 2016?
« on: February 05, 2018, 08:16:13 pm »

I haven't tried it but I don't see how there could be a problem.

The other way around possibly: if you want to enable row-level security, which EA recently added support for, that requires SQL Server 2016.
But an older EA version on a newer SQL Server version should not cause any issues.

I wouldn't recommend upgrading the server in place, though. It's safer to set up a 2016 server first, create an EA project on that and test it out, then migrate the old project(s) and finally decommission the 2008 server.



That's what's weird: it is a metatype. Or at least, it's available in the "Extend metaclass" dialog, listed in the core set, no extensions.

So it should function like the other metaclasses do in termes of extending it. But it doesn't.


Activity. And it is based on an Object.

Of course I can base my stereotype on Object too, but I'd rather base it on datastore if I can. It just feels righter. That's a word. :)


Hi all,

I'm trying to create a stereotype which extends datastore. I've tried this both with in-project UML types and with a profile. I'm on 11.1.

The problem I bump into is that the shape script I've created isn't run. When I create an element of my stereotyped type, it looks like an Object. It is presented with the datastore keyword and my stereotype, and it has the Object colour, not the datastore one.

If I redefine my stereotype to extend Object instead of datastore, it works: the script runs.

Why is this? And does it still work the same in 13?


General Board / Re: Security users - windows authentication
« on: February 02, 2018, 08:19:57 pm »
Tjena! :)

How do you make a EA shortcut for a DBMS-project? with correct connection params. ???

As has been suggested, you can just save one out of EA. But it's actually quite simple to create a shortcut .EAP file manually, and in a deployment where you work with multiple projects and add new ones over time this often ends up being simpler.

Here's a template for a SQL Server-based repository which uses Windows credentials (which is unrelated to EA's user authentication, see earlier posts in this thread).
Code: [Select]
EAConnectString:#Window title# --- DBType=1;Connect=Provider=SQLOLEDB.1;
Integrated Security=SSPI;Persist Security Info=False;
Initial Catalog=#Database name#;Data Source=#DB server and port#;LazyLoad=1;

Note that the split into three lines is just for clarity here. When EA creates a shortcut .EAP, it puts everything onto a single line and no whitespace after the semicolons. The hashes are there just to signify parameters you need to replace. In a real file, there are no hashes, no quotation marks or anything like that.

Most of what's in the file is plain ODBC, so things like the correct DBType value for a particular database server are defined by Microsoft. Only the very first and very last bits (window title and LazyLoad) are EA-specific.

#DB server and port#: Something like MyServer,1433 for an SQL Server server.
#Database name#: The name of the database on the server. If you set up a DB connection manually, this is in the "Connection -- 3. Select the database on the server" dropdown.
#Window title#: This is what's shown in the window title. It's a good idea to make sure this is the same as the name of the file, otherwise it's confusing.

I usually impose a naming scheme where the #Window title# is set the same as the file name, and the file name is set to Meaningful project name (database name). The "Meaningful project name" is something that makes sense to the modellers, and the databases are named EA001, EA002, etc which makes it easier for the DBAs. If the client wants one or more reusable asset repositories they're RAS01, RAS02, ...

FWIW, we name ALL shortcut files with a leading "@" to separate them from REAL .eap files.

That's a very good little practice there, hadn't thought of that. I'll steal that for next time. :)

Finally, set up the shared folder so that only the EA admins can write to it, or at least make the files read-only. Just for drulleförsäkring.



General Board / Re: Using a central local help library
« on: February 02, 2018, 07:34:29 pm »
Yup, that's it.

Key         HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sparx Systems\UserGuide
Value Name  Path
Value Data  C:\Program Files (x86)\Sparx Systems\User Guide\

I did a simple test moving the guide to a different directory on a local hard drive, and it worked. I didn't try it with a UNC path, so that's probably worth a quick check before you deploy.


Pages: 1 2 [3] 4 5 ... 76