LeasePak Users and Roles »
LeasePak Server Users »
LinkIT User »
LeasePak Supervisor User »
LeasePak Client Users and Setup »
LeasePak Users and Roles
LeasePak Client Users and Setup
| User | Default Name | Default Group | DBMS Access | LeasePak Server Access | LeasePak Client Access |
|---|---|---|---|---|---|
| Regular user | varies | $NSTGROUP1 | via LeasePak2 | via LeasePak2 | direct2 |
| Report user | varies | $NSTGROUP1 | via LeasePak2 | via LeasePak2 | direct2 |
| Partial Update user | varies | $NSTGROUP1 | via LeasePak2 | via LeasePak2 | direct2 |
1$NSTGROUP is the required primary group for all LeasePak client users.
2LeasePak client users have direct access to the LeasePak client and, through LeasePak, access to the LeasePak and DBMS servers. If needed, these users can also have direct access to the LeasePak and DBMS server with explicit knowledge of the appropriate passwords.
LeasePak Client User Types
Regular
LeasePak client user with access to updates and reports according to the user's particular security settings.
Report
LeasePak client user with access to some or all LeasePak reports only.
Partial Update
LeasePak client user with access to a limited selection of LeasePak Application Tracking updates and reports corresponding to mPower functionality.
LeasePak Client User Setup
Each dedicated LeasePak client user must have a DBMS, a LeasePak server, and a LeasePak client account. If using the shared user module, refer to the Shared User Setup to setup shared LeasePak client users.
Setup Overview
The LeasePak password system depends on setting up the users' LeasePak server and DBMS accounts using passwords that match the translations of the client string. The following is an overview of the steps for adding a new LeasePak client user:
- Select an initial user name and client string. This string must be between 6 and 12 characters in length. The LeasePak client user can change the client string (and the translated passwords with it) later through the LeasePak client Change Password option
- Use
$uexe/lpadriver.exe /util 112to determine the translated server and DBMS server passwords based on the client string - Create server and DBMS server accounts for the LeasePak user with the correct translated passwords
- Add the user to the appropriate LeasePak database(s)/tablespace(s)
- Log on the LeasePak client as the LeasePak supervisor user (lpsuper)
- Use the U0706 LeasePak Security update to add the user to the LeasePak security table (rsc).
Do not use $uexe/lpadriver.exe /util 108 to add any user to the LeasePak security table other than the LeasePak administrative user. The $uexe/lpadriver.exe /util 108 function provides no control in how the user is added to LeasePak security, and the LeasePak administrative user must still log on the LeasePak client in order to correctly configure a user's security.
Username
Create usernames in compliance with your company's security guidelines. Use the same username when setting up DBMS, LeasePak server, and LeasePak client accounts.
Client String
Create client strings in compliance with your company's security guidelines. Client strings must be 6 to 12 characters in length.
When Leasepak administrative, updates, or reports users log on the LeasePak client, the password (called the client string) they use is passed through and translated into the actual three passwords required to connect to the LeasePak server—a network password, a DBMS password, and a LeasePak server password. The algorithm translating the client string always produces the same output—that is, "string" always translates to "yihnx8" and "tjgui3".
NetSol does not recommend using the word "string" for an actual client string.
Users logging on the LeasePak Client only know their client string unless they are explicitly given the server or DBMS password separately. Normally, only LeasePak supervisor users (such as lpsuper) know their passwords for logging on the LeasePak server and DBMS server.
Password Translation
Use $uexe/lpadriver.exe /util 112 to translate the client string
1. Log on the LeasePak server as nstadmin or lpsuper
Terminal emulation: you must use one of the supported terminal types. Refer to System Requirements for more information.
2. Type $uexe/lpadriver.exe /util 112 and press Enter The terminal will prompt
This Utility option may be used to translate a Client password
into the equivalent Unix and SQL Server passwords.
Do you wish to continue (Y/N)?
Type y and press Enter.
3. The utility will prompt for the client string
Unix and SQL Server password translation utility
Instructions: Enter the Client password. The equivalent Unix and SQL Server passwords will be displayed.
Enter the Client string, <RETURN> to exit:
Type the selected client string and press Enter. If type password as the client string, the terminal will display
Client string: password
SQL Server string: rkqcguh4
Unix string: rrchglt1
NetSol does not recommend using the word "password" as an actual client string.
4. The utility will prompt for another client string
Enter the Client string, <RETURN> to exit:
Press Enterto exit the utility.
You can create a text file to translate several client strings at once
1. Log on the LeasePak server as nstadmin or lpsuper.
2. In your home directory, use cat, vi, or other means to create a text file password.in
y
passwd1
passwd2
passwd3
passwd4
The last line of the file must be a blank line (newline character).
3. Run $uexe/lpadriver.exe /util 112 with input and output files
$uexe/lpadriver.exe /util 112 < password.in > password.out
4. Use cat, vi, or other means to view the file
This Utility option may be used to translate a Client password
into the equivalent Unix and SQL Server passwords.
Do you wish to continue (Y/N)? y
Unix and SQL Server password translation utility
Instructions: Enter the Client password. The equivalent Unix and SQL Server passwords will be displayed.
Enter the Client string, <RETURN> to exit:
Client string: passwd1
SQL Server string: kudejz2
Unix string: stpjvq0
Enter the Client string, <RETURN> to exit:
Client string: passwd2
SQL Server string: aodmbd9
Unix string: drczoy0
Enter the Client string, <RETURN> to exit:
Client string: passwd3
SQL Server string: qiduth3
Unix string: cjpvty4
Enter the Client string, <RETURN> to exit:
Client string: passwd4
SQL Server string: kedahf9
Unix string: bfcfsq2
(etc.)
NetSol does not recommend using any of the above client string examples as actual client strings.
DBMS Account
Use the LeasePak script db_add_login to create an account on your DBMS server
1. Log on the server as nstdba
Terminal emulation: you must use one of the supported terminal types. Refer to System Requirements for more information.
2. Run the db_add_login script
db_add_login dbms-type new-login-name [new-login-password [srvadm-password]]
where dbms-type is either ora for Oracle or syb for Sybase, new-login-name is the same user name as the server account, new-login password is the corresponding translated password, and srvadm-password is the password for the srvadm user.
You can create a script to add several DBMS users at once
1. Log on the LeasePak server as nstadmin or lpsuper.
2. In your home directory, use cat, vi, or other means to create the file my_add_login
db_add_login dbms-type nsttest1 kudejz2 srvadm-password
db_add_login dbms-type nsttest2 aodmbd9 srvadm-password
db_add_login dbms-type nsttest3 qiduth3 srvadm-password
db_add_login dbms-type nsttest4 kedahf9 srvadm-password
3. Run the script
1. for Korn/Bourne/HP-UX Posix shell (sh) users, type sh my_add_login and press Enter
2. for C shell (csh) users, type csh -c my_add_login and press Enter
NetSol does not recommend using any of the above user names or passwords as actual user names and passwords.
Database Permissions
Use the LeasePak script db_add_user to grant permissions to a specific LeasePak environment and database
1. Log on the server as nstdba
Terminal emulation: you must use one of the supported terminal types. Refer to System Requirements for more information.
2. Run the db_add_user script
db_add_user environment-name legal-DBMS-user nst-access-group dbo-password
where environment-name is the specific LeasePak environment, legal-DBMS-user is the user's DBMS account user name, nst-access-group is either nst for normal read/write permissions or nstr for read-only permissions, and dbo-password is the password for the dbo of the specific database (as specified during db_create.
You can create a script to add several DBMS users at once
1. Log on the LeasePak server as nstadmin or lpsuper.
2. In your home directory, use cat, vi, or other means to create the file my_add_user
db_add_user environment-name nsttest1 nst dbo-password
db_add_user environment-name nsttest2 nst dbo-password
db_add_user environment-name nsttest3 nstr dbo-password
db_add_user environment-name nsttest4 nst dbo-password
The user nsttest3 is a reports user and will have read-only permissions for this database.
3. Run the script
1. for Korn/Bourne/HP-UX Posix shell (sh) users, type sh my_add_user and press Enter
2. for C shell (csh) users, type csh -c my_add_user and press Enter
NetSol does not recommend using any of the above user names as actual user names.
LeasePak Security Records
Do not use $uexe/lpadriver.exe /util 108 to add any user to the LeasePak security table other than the LeasePak administrative user. The $uexe/lpadriver.exe /util 108 function provides no control in how the user is added to LeasePak security, and the LeasePak administrative user must still log on the LeasePak client in order to correctly configure a user's security.
LeasePak Server Account
Follow the appropriate instructions for your OS platform to add a LeasePak user account with the translated password. Make the LeasePak group $NSTGROUP the primary group for the user, and ensure that the user can write to the $HOME directory. If you assign a user's UID number manually, do not use a number greater than 32757. Contact your NetSol representative for more information.
Adding LeasePak users: make $NSTGROUP the group for all LeasePak users, but do not add users to the $NSTGROUP line of the /etc/group file. Having all LeasePak users listed on this line will cause fatal errors during the LeasePak installation.
Multiple concurrent versions:if you are running more than one version of LeasePak on the same server, be sure to use the appropriate startup files (such as .lplogin and .lpprofile) with the LeasePak release administrator for the version you are working in. NetSol strongly recommends that you set up separate, version-specific LeasePak release administrator users for this situation.
LeasePak Environment Startup Files
The LeasePak environment files .lplogin and .lpprofile only need to be incorporated into the startup files of users who perform LeasePak-related tasks requiring direct access to the LeasePak server, such as the LeasePak supervisor user (lpsuper).
Security
On the LeasePak server, the root user controls security by determining
* which users have server (OS) accounts
* which users are members of the LeasePak user group ($NSTGROUP).
The users $NSTADMIN and $NSTDBA control security by determining
* which users have DBMS accounts
* which environments/databases users have permissions for
* what type of database permissions users have (read/write nst or read-only nstr)
* which LeasePak client users have explicit access to their server and DBMS account passwords, as well as the various dbo passwords and the password for srvadm (root may also control this).
On the LeasePak client, The lpsuper user or other supervisor controls the privileges of other users through the Security [U0706] update. This update configures the security records for users within a specific LeasePak environment/database--that is, each database in LeasePak contains its own distinct security table and set of records. An administrative user for one LeasePak environment/database will not have access to any other unless nstadmin gives them access to the environment and nstdba grants them access to the database.
Once lpsuper sets a LeasePak client user up with an initial client string password, the user can change the client string (and the corresponding translated passwords) by using Change Password in the LeasePak Options menu. Using Change Password does not reveal the server or DBMS password to the LeasePak client user.
For more information about changing passwords on the LeasePak client, refer to the document LeasePak Basics in the LeasePak Reference Guide. For more information about LeasePak client security, refer to the document U0706 Security in the LeasePak Reference Guide.
LeasePak Utilities |
End of Period Suite II |
End of Period Suite III |
mPower End of Period Suite |
End User Code Objects |
LeasePak Users and Roles |
End User Code Objects
© 2025 NETSOL Technologies. All rights reserved.
The information contained in this document is the sole property of NETSOL Technologies, Inc. Use of the information contained herein is restricted. Conditions of use are subject to change without notice. NETSOL Technologies, Inc. assumes no liability for any inaccuracy that may appear in this document nor does it have the obligation to update any of the information contained herein; the contents of this document do not constitute a promise or warranty. The software described in this document is furnished under license and may be used or copied only in accordance with the terms of said license. Unauthorized use, alteration, or reproduction of this document without the written consent of NETSOL Technologies, Inc. is prohibited.
The information contained in this document is the sole property of NETSOL Technologies, Inc. Use of the information contained herein is restricted. Conditions of use are subject to change without notice. NETSOL Technologies, Inc. assumes no liability for any inaccuracy that may appear in this document nor does it have the obligation to update any of the information contained herein; the contents of this document do not constitute a promise or warranty. The software described in this document is furnished under license and may be used or copied only in accordance with the terms of said license. Unauthorized use, alteration, or reproduction of this document without the written consent of NETSOL Technologies, Inc. is prohibited.