Workstation-Level Security
Depending on the operating system of the machines that are running the user sessions, you may be able to combine an application security setting with operating system features to create an additional security layer at the workstation level.
The Timeout Minutes field in Security Control (36.3.24) lets you specify the number of minutes of inactivity that can occur before the system automatically logs a user out of a session. Primarily used to reduce the system load resulting from users who stay logged in when they really do not need to be, this feature also enhances access security. If you set this to a reasonable number—such as 30—you can prevent users from inadvertently staying logged in when they go to lunch and leaving an open session that might be accessed by unauthorized individuals.
For data integrity reasons—for example, to prevent a user from having a session terminated without saving modified data—this feature applies only when the system is displaying a menu, rather than when a program is executing. To add workstation security for times when a user leaves a computer unattended while a program is running, you can use operating system features.
Windows Systems
In many environments, users run a Windows system; for example, GUI clients, character sessions using a terminal emulator, QAD Desktop sessions using a Web browser, or QAD .NET UI clients. You can establish work procedures that require users to set up their machines to display a screen saver after a specified number of minutes and enter their Windows password—preferably not the same one used for application log-in—to turn off the screen saver.
Note: This procedure assumes that users require passwords to access their computers.
1 Right-click on the Windows desktop.
2 Select Properties.
3 Click the Screen Saver tab.
4 In the Wait field, enter the number of minutes that the machine is idle before the screen saver displays.
5 Select the box labeled On resume, password protect.
6 Click OK.
When the screen saver comes on, it can be cleared only when the current user’s Windows password is entered, or when an individual with system administrator access overrides the user log-in.
See the Windows online help for more information.
Note: Setting up this form of security does not affect any applications that are running when the screen saver displays. It only blocks access to the computer.
Example of Windows Screen Saver Setup illustrates an example of a computer running Windows XP set up for a 10‑minute screen timeout, which can be cleared only by entering a password.
Example of Windows Screen Saver Setup
To lock a computer manually without waiting for the screen saver timeout, press Ctrl+Alt+Delete, then click Lock Computer. A password is required to access a locked system. Your security policy should require users to do this when they leave their computers unattended as a matter of good security practice.
Note: Depending on the operating system and version running on your Windows computers, as well as the way users are set up, the system administrator may be able to configure all machines in this manner and prevent individual users from changing the settings. See the operating system documentation for your system for information.
Non-Windows Systems
Many standard UNIX workstations—including those provided by HP, Sun, and IBM, which use the Common Desktop Environment (CDE)—offer screen-locking features much like those in Windows. Set up CDE-based machines using the Style Manager icon on the Front Panel. Similar features are also available for some LINUX environments.
See the user documentation for your workstation for specific information.
