New Ranks & Badges For The Community!
Notice something different? The ranks and associated badges have gone "Star Fleet". See what they all mean HERE
Highlighted
376 views

<QC/ALM Support Tip> How to restrict access to the OTA API in ALM 11.x and above

Dear Customers,

 

For various reasons it may be necessary to restrict access to the OTA API in ALM in your organization. In order to do that you should install the ALM client in isolated mode and you should not register it. The isolated (non-registered) client components' install does not register the OTAClient.dll, making the OTA access not programmatically possible from that particular client.
If the ALM client was installed using a .msi file and is currently registered, it will be necessary to uninstall the client by running the .msi again and selecting the “Remove” option. Then you should run the ALM Client Uninstaller which can be downloaded from SSO: http://support.openview.hp.com/selfsolve/document/KM1400068. If using the ALM MSI Generator for future deployments be sure to not check the “Include Component Registration” check box. By doing this the client will not be registered and the OTA access will be restricted.
If the ALM Client was installed and registered using the browser push then uninstall the client using the ALM Uninstaller and then install the client in isolated mode (non-registered) via the browser using the following URL:
http://<server_name>:<port>/qcbin/start_a.jsp . Please note that you should not use “http:// <server_name>:<port>/qcbin/start_a.jsp?common=true ” as this will register the client.
You should also have in mind that with an isolated mode install of the ALM client it will not be possible to use integrations with ALM such as QTP, UFT, Word and Excel add-ins, etc. Only browser access through Internet Explorer or ALM Explorer is possible.
Please also note that restricting client(s) from installing software is recommended to prevent inadvertent registration of the ALM Client where OTA access could then be gained. However in cases where registering the ALM client is required, providing OTA access, measures should be taken to educate and track these users on correct implementation and use of the API.


Thanks,
Hristo
Labels (1)
3 Replies
Highlighted
Absent Member.. Absent Member..
Absent Member..

Is there any discussion on making the OTA access selectable as part of the users role within a project? AT least the ability to restrict the TDAdmin OTA functions would be helpful

0 Likes
Highlighted
Absent Member.
Absent Member.

I'm also curious about this, or other ways of preventing people from using the OTA. The solution outlined above only works when the following conditions are met:
1) Users do not have admin rights to their work computers
2) QC cannot be accessed from non-work computers
a) Personal computers cannot have access to QC
b) Consultants cannot use their own computers
3) QTP, etc. cannot be used

In our use, ideally anyone would be able to run OTA scripts (we have a lot of useful extracts, etc.), but only certain users would be able to write scripts. I don't have the slightest idea how/if you would do that, but that's what I would like. Currently, we are relying on people not understanding how to write an OTA script, or knowing that there is such a thing, so not bothering to try. I think that most people think our reports are magic. 🙂
Highlighted

Unfortunately right now there is no way to disable entirely the OTA API in HP ALM.

However there is an ER already logged for this. You can track its status on the following URL:

http://support.openview.hp.com/selfsolve/document/LID/QCCR1J66330 

 

You can disable the access partially with the following site configuration parameter:

DISABLE_COMMAND_INTERFACE


If this parameter is set to “Y” (default), only users belonging to the TDAdmin group can use the OTA Command object.
More information about this parameter can be found here: http://support.openview.hp.com/selfsolve/document/KM00590512

 

Thanks,

Hristo

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.