
COM: "Safe mode is set. Operation is prohibited." Opening external processing programmatically

The point is that when the client-server version of 1C is used, external processing / reports are opened in safe mode, in which use of the privileged mode is prohibited. The privileged mode is used very often in standard configurations: generating print forms, various service checks (exchange checks), etc. As a result, even with an ordinary data composition system (DCS) report without a form (by default, the shared form "form date" is used) that saves user report settings (to the corresponding catalog), you will get an error about insufficient access rights to various constants and session parameters used for service purposes after the line УстановитьПривилегированныйРежим(Истина);

The "correct" solution is to connect external processing and reports through the BSP "Additional Reports and Processing" mechanism, either disabling safe mode or adding permissions (in my opinion, from BSP version 2.2.2.1). But if for some reason you need to use external report / processing files, you can configure a cluster security profile that is used as the safe mode security profile for a specific infobase.

I would like to note right away that this option is not the preferred one, but due to various circumstances it can be used in this simplified form. For example, I have several databases in different cities and a shared local network with strictly limited rights, closed USB ports, etc. Some use Accounting 2.0 and some 3.0, and I build almost all reports with DCS without forms so that they open in both versions. Maintaining all these reports for different versions and different databases is laborious and has no future, because the plan is to move to a single configuration and database ...

Create a profile.
In the cluster console, create a security profile and set the flags "Can be used as a safe mode security profile" and, in the section "Full access allowed:", "To the privileged mode".

In many cases where reports and simple processing are used, this method will be sufficient. For more complex situations, see the documentation, which describes the process (the ability to configure security profiles for specific external files by specifying their hash sum, etc.).

P.S. I thought that security profiles function only when using licenses for the platform and server-level server, but this functionality works on the 1C:Enterprise 8.3 platform (it can loosely be called PROF, by analogy with the standard configurations Basic / PROF / CORP).

When the Loading Documents program is started under an ordinary user, the error "Safe mode is set. Operation is prohibited." occurs.

This problem occurs because the user does not have the rights to start external processing. To configure access rights, log in to the database in 1C mode as Administrator, go to the section User settings and permissions / Access group profiles, and click Create group.

Enter the name of the group and tick the roles available to its users:

  • Interactive opening of external reports and processing
  • Using additional reports and processing

Click Save and close.


Return to the Users menu and select from the list the employee who will work with the Loading Documents program. Click Access rights. In the list of profiles, tick the profile created earlier. Click Save.


So that users can start the processing, it is recommended to add the loading processing to the list of external processing. To do this, in the menu Administration / Print forms and processing / Additional reports and processing, create a new processing. Specify the path to the "Download .epf" file and assign a name. Specify where the processing is placed in the menu, from where the user can later run it; for example, select the Directories menu.

By clicking Quick access, you specify which users the processing is available to.


After setup, click Save and close. To start the processing, users only need to enter the database, open it from the menu chosen for access (in the example, Directories) and click Run.


Open Menu - All functions ... and find Security profiles in the list.


It is enough to clear the flag of the option "Use security profiles".


After that, the program will start successfully.

External processing is opened programmatically using the global context object ВнешниеОбработки, which has the type ВнешниеОбработкиМенеджер. For each 1C platform mode (ordinary application and managed application), different methods of the object are used to work with external processing.

Starting external processing in ordinary application mode

In an ordinary application, use the Создать() method of the ВнешниеОбработки object, passing it the full name of the external processing file. The method returns an object of type ВнешняяОбработка; this object is the opened external processing. To open the external processing form, call the ПолучитьФорму() method on the returned object, which returns the main form, and then call the Открыть() method to open it.


// ПолноеИмяФайла holds the full name of the external processing file.
Обработка = ВнешниеОбработки.Создать(ПолноеИмяФайла);
// Get the main form of the processing and open it.
Обработка.ПолучитьФорму().Открыть();

In external processing, the main form must always be an ordinary form and the managed form an additional one; otherwise ПолучитьФорму() will not work in ordinary application mode.

Starting external processing in managed application mode

In managed forms mode, the algorithm is split by execution context. On the client, we get binary data from the full name of the external processing file. We pass the binary data to the server and put it into temporary storage. Next, call the Подключить() method of the ВнешниеОбработки object, passing it the address in temporary storage. The method returns the name of the connected external processing. We return that name to the client, build the string path to the processing form, and open the external processing form with the ОткрытьФорму() method.

&НаСервере
Функция ПолучитьИмяВнешнейОбработки(ДвоичныеДанные)
    // Put the file contents into temporary storage and connect the processing from there.
    АдресВоВременномХранилище = ПоместитьВоВременноеХранилище(ДвоичныеДанные);
    Возврат ВнешниеОбработки.Подключить(АдресВоВременномХранилище);
КонецФункции

&НаКлиенте
Процедура ОткрытьВнешнююОбработку()
    ПолноеИмяФайла = ""; // The full name of the external processing file.
    ДанныеФайла = Новый ДвоичныеДанные(ПолноеИмяФайла);
    ИмяОбработки = ПолучитьИмяВнешнейОбработки(ДанныеФайла);
    ОткрытьФорму("ВнешняяОбработка." + ИмяОбработки + ".Форма");
КонецПроцедуры

Safe mode for external processing

The Создать() and Подключить() methods of the ВнешниеОбработки object have the input parameter БезопасныйРежим, a flag indicating that the external processing is connected in safe mode. If the parameter is not specified, the connection is made in safe mode.
Safe mode is designed to protect the system from executing "unreliable" program code on the server. The potential danger comes from external processing or from program code entered by the user for use in the Выполнить() and Вычислить() methods.
The following restrictions apply in safe mode:
  • the privileged mode is canceled if it was set;
  • attempts to switch to the privileged mode are ignored;
  • operations with COM objects are prohibited;
  • loading and connecting external components is prohibited;
  • access to the file system is prohibited (except temporary files);
  • access to the Internet is prohibited.
Processing that is opened interactively is not run in safe mode, so it is recommended to implement a mechanism that opens external processing in safe mode, and to prohibit interactive opening of external processing at the level of user rights.
To prohibit interactive opening of processing, remove the right "Interactive opening of external processing" from all roles assigned to the user (see Figure 1).
Figure 1. Rights of interactive opening of external processing / reports
The right "Interactive opening of external processing" does not affect the ВнешниеОбработки object.

External reports are opened programmatically in the same way as external processing, except that the global context object ВнешниеОтчеты is used, which has the type ВнешниеОтчетыМенеджер.

Using "Trade Management 11.3" as an example, let us consider the simple process of connecting an external print form. We will also look at the features of the new security system.


Preliminary actions

To begin with, enable the functionality or check that it is available.

1. Log in to the infobase with full rights.

2. Go to the "NSI and Administration" menu / Administration block / command "Print forms, reports and processing".

Adding

In the section that opens:

Add the processing with the "Create" button (this is important) or update an existing one:

  • Select it in the list (if it is not selected or the list is empty, the command will not work and will not report anything).
  • Press the "Load from file" button.

Security checks for external processing have appeared in new configurations.

Install only processing that you created yourself or received through known communication channels (not from mail; only from a site with a valid certificate, or provided by the developer's employees and confirmed by phone).

If the developer has specified everything in the processing, "Placement" (the objects in which the processing will be used) will be set and the command(s) will appear.
To start working, it is enough to click "Save and close".

Check

Immediately after that, depending on the type of processing:

  • A print form becomes available when a document is opened or from its list (for documents already open, after reopening) via the "Print" button.
  • Processing is available in the "Additional processing" sections of each subsystem.
  • Filling processing is available via the "Fill" button in the list or the main command panel of the object form.

For the processing above, the launch looks like this:

If the document is new, it must be saved first; the external processing mechanism will warn you about this.

Further behavior depends on the functionality built in: a form may open, or the data may simply be processed.

Security Warnings in 1C

In new releases of the platform and configurations, protection against the launch of malicious programs has been strengthened.

The processing may launch Excel for loading; in this case the new security subsystem will also warn you.

In this case, the handler code is interrupted.

If you click "Yes", the system will ask you to call the command again.

For an infobase user, protection against dangerous actions can be disabled through the Configurator.

This cannot be changed from "Enterprise" mode; perhaps this is done on purpose, and it may appear after an update.

It should also be noted that if the processing uses Excel, it must run in unsafe mode (this was so before the new system was introduced; it works in parallel):

"Failed to load MS Excel!!!" "Safe mode is set. Operation is prohibited."

In external processing it looks like this:

The developer should set it to Ложь in the internal description of the processing; then everything will be fine:

Функция СведенияОВнешнейОбработке() Экспорт
    ПараметрыРегистрации = Новый Структура;
    // Register the processing with safe mode switched off.
    ПараметрыРегистрации.Вставить("БезопасныйРежим", Ложь);
    // The other registration parameters are not shown on this page.
    Возврат ПараметрыРегистрации;
КонецФункции

When the configuration is updated, a warning has also appeared about the source from which the configuration file was obtained.


If you need to use "unreliable" program code on the server (external processing or program code entered by the user for use in the Выполнить() and Вычислить() methods), you can use safe mode.

In safe mode:

  • Privileged mode canceled.
  • Transition to privileged mode ignored.
  • Forbidden Operations leading to the use of external means in relation to the "1C: Enterprise" platform (including non-blocking analogues of these methods):
  • COM mechanisms:
    • COMBACK ();
    • Get process object ();
    • ShellHTMLOV. FocusCheckCext ().
  • Loading external components:
    • Download ();
    • Connectively compound ().
  • File System Access:
    • ValiNew ();
    • CopyFile ();
    • Combined ();
    • Movefile ();
    • Divided file ();
    • Create Catalog ();
    • Delete files ();
    • New file;
    • New xbase;
    • RecordingHTML.Openfile ();
    • ReadingHTML.Openfile ();
    • ReadingXml.Openfile ();
    • RecordingXml.Openfile ();
    • ReadingFastInfoset.Openfile ();
    • RecordFastInfoset.Openfile ();
    • Canonical recordingXML.Openfile ();
    • TransformationXsl. Zaporizifile ();
    • Recordzip File. Open ();
    • Reading feedfail. Open ();
    • New readetexte () if the first parameter is a string;
    • Readetetextsext. Open () if the first parameter is a string;
    • New post station () if the first parameter is a string;
    • Posttext.Open () if the first parameter is a string;
    • New extractionethexte ();
    • changing the removal properties. IMAFILE;
    • Extractionequexsta. To recruit ();
    • New picture () if the first parameter is a string;
    • Picture. recruit ();
    • New binary ();
    • Bicked. Request ();
    • New recorded () if the first parameter is a string;
    • New reading (), there is the first parameter - string;
    • all methods of the object of manageflows;
    • New file reader ();
    • FormattedDocument. To recruit ();
    • Geographicalshema. Up ();
    • Geographicalsham. recruit ();
    • Geographicalsham.nice ();
    • Tabdocument. Up ();
    • TabDocument. To recruit ();
    • Tabdocument.Nach (); Graphichema. Up ();
    • Graphichema. recruit ();
    • Graphichema.Nach ();
    • Text document. Up ();
    • Text document. To recruit ().
  • Internet access:
    • New intercation,
    • New online pub
    • New online business
    • New httpsignation
    • New FTP connection.

ATTENTION! An attempt to perform a prohibited operation at run time raises an exception.

Note. External reports and processing opened using the File - Open menu are executed in safe mode if the user does not have administrative access rights.

The number of times safe mode is turned on must match the number of times it is turned off. However, if safe mode was turned on (once or more) inside a procedure or function but was not turned off, the system automatically turns it off as many times as there were unfinished activations in the procedure or function being exited.

If a procedure or function makes more calls to УстановитьБезопасныйРежим(Ложь) than to УстановитьБезопасныйРежим(Истина), an exception is raised.

Setting safe mode programmatically may be required if the configuration developer intends to use third-party (relative to the configuration) program code whose reliability the developer cannot guarantee. An example of such code is the Выполнить() and Вычислить() methods in cases where the executable code is obtained from the outside world. In this case, it is good practice to set safe mode before calling these methods:

// Program code that is to be executed is generated.
// The code may be loaded from external sources
// or entered manually.
ИсполняемыйКод = ПолучитьИсполняемыйКодИзВнешнегоМира();
// Turn on safe mode
УстановитьБезопасныйРежим(Истина);
// Execute the potentially dangerous code
Выполнить(ИсполняемыйКод);
// Turn off safe mode
УстановитьБезопасныйРежим(Ложь);
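An added example, not taken from the original page or from 1C documentation: a server common-module sketch that wraps the safe mode pattern above in exception handling, so that a prohibited operation is logged and the on/off calls stay balanced, and that connects external processing with the safe mode parameter passed explicitly. The function names and the event name are hypothetical.

```bsl
// Added example for a server common module; all names here are hypothetical.

// Executes code received from outside the configuration with safe mode on.
// Returns Истина if the code ran to the end, Ложь if it raised an exception
// (for example, by attempting an operation that safe mode prohibits).
Функция ВыполнитьНенадежныйКод(ТекстКода) Экспорт

    Успешно = Истина;
    УстановитьБезопасныйРежим(Истина);

    Попытка
        Выполнить(ТекстКода);
    Исключение
        Успешно = Ложь;
        // Record the failure in the event log so that it can be reviewed later.
        // The event name is a constructed value.
        ЗаписьЖурналаРегистрации(
            "UntrustedCode.ExecutionError",
            УровеньЖурналаРегистрации.Предупреждение, , ,
            ПодробноеПредставлениеОшибки(ИнформацияОбОшибке()));
    КонецПопытки;

    // One switch-off for the one switch-on above, on both paths.
    УстановитьБезопасныйРежим(Ложь);

    Возврат Успешно;

КонецФункции

// Connects external processing that was placed in temporary storage.
// The third parameter is the safe mode flag. It is passed explicitly,
// so a reader of the code does not have to rely on the default.
Функция ПодключитьОбработкуВБезопасномРежиме(АдресВоВременномХранилище) Экспорт

    Возврат ВнешниеОбработки.Подключить(АдресВоВременномХранилище, , Истина);

КонецФункции
```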

In some cases, safe mode settings can conflict with privileged mode settings. An example of such a conflict is posting a document for which the property "Privileged mode when posting" is set, from code in the built-in language that is executed in safe mode. In this case, the privileged mode is turned off, and attempts to turn it on are ignored. As a result, code in the built-in language that "counts on" the privileged mode being on "runs into" its absence, which leads to errors whose causes are not obvious. To prevent this situation, the "1C:Enterprise" system automatically disables safe mode for event handlers located in the object module or the manager module, provided that the executable code in the built-in language is not located in a configuration extension. Such handlers are specially marked in the Syntax Assistant.

It is also possible to disable safe mode from the built-in language (if the program code that attempts to do so is not in a configuration extension). To disable safe mode, use the method УстановитьОтключениеБезопасногоРежима(). To check that safe mode is currently disabled (automatically or by a method call), use the method ПолучитьОтключениеБезопасногоРежима().

Within a single built-in language method, there cannot be more than one level of nesting of setting safe mode (by calling the УстановитьБезопасныйРежим() method) and setting safe mode disabling (automatically while event handlers of metadata objects are executed, or by calling the УстановитьОтключениеБезопасногоРежима() method). An attempt to increase the nesting raises an exception:

// Correct use
Процедура ИмяПроцедуры()
    УстановитьОтключениеБезопасногоРежима(Истина);
    УстановитьБезопасныйРежим(Истина);
    УстановитьБезопасныйРежим(Ложь);
    УстановитьОтключениеБезопасногоРежима(Ложь);
КонецПроцедуры

// Incorrect use
Процедура ИмяПроцедуры()
    УстановитьОтключениеБезопасногоРежима(Истина);
    УстановитьБезопасныйРежим(Истина);
    УстановитьОтключениеБезопасногоРежима(Ложь); // Exception
КонецПроцедуры

Процедура ИмяПроцедуры()
    УстановитьБезопасныйРежим(Истина);
    УстановитьОтключениеБезопасногоРежима(Ложь); // Exception
КонецПроцедуры