(ORG-8018) Project Protection with Admin Password
We have introduced the concept of Admin Mode to the Origin Project, with an Admin password. Once a project is protected by a password, worksheet and workbook protection features can be accessed only after user has logined with the admin password. We have also added LabTalk access to protect books and sheets.
App Title Bar Indication of Admin Mode
Normally, Origin title bar looks like this
there is a "-" that separates the 32/64 bit and the path of the file. To save space, we are just changing this "-" character to indicate Admin status.
For OPJ file that has added Admin password, the "-" character will be replaced by the "@" character before you enter the Admin password to login, like this
After login, the "@" character is replaced by the "=" character, like this
Admin Mode LabTalk Commands
The following is a listing of the currently supported doc commands control the Admin mode. Text inside square brackets indicate.
| Command | Description | Examples |
|---|---|---|
| Add Admin password password to the project. You will still need to login after adding password to turn on Admin mode. When you do not specify a password, then "origin" is assumed. Not using password will help situation where security is not so much of a concern and not running the risk of forgetting the password used. |
|
doc -pw [password] | login with password, if no Admin password added yet, error message will be shown | doc -pw; doc -pw test; |
doc -pwx | logout, once logout, cannot change anything related to protections | |
doc -pwta | list all the book/sheets with protection turned on | |
doc -pwr [password] | remove password, if no password specified, then must login first to do so, otherwise must give correct password | doc -pwr; |
After a command is entered, you App title will change accordingly, so will the status bar to indicate current status.
Protection Flags
Various objects like worksheet, workbooks can be assigned different protection flags. These flags are listed in the following table
Hex Value | Description |
|---|---|
| 2 | Data: This include all the cells in a worksheet, data cells or label cells |
| 4 | Style: Display style, like the color of the cell, or the cell formatting, this is currently not yet fully implemented |
| 10 | Formula: Column Formula, Analysis Operation, Codes attached to Project etc. (Not Ready) |
| 80 | Structure: This include like the number of rows and columns in a worksheet. inserting, deleting etc. |
| 100 | Rename: For sheet, to prevent user to change a sheet's name |
| 400 | Delete: Prevent the object from being deleted |
Protection Commands
You can use the following labtalk commands to look a sheet of a book. If Admin password has not been set, these commands will work fine. Once Admin password is set, then you must login first before using these commands.
Multiple protection flags can be combined as can be seen in the examples.
There is a general inheritance rule on protection flags. Once you set protection on a book, then all sheets inside the book will inherent the flags from the book. The exception to this rule is Delete, you must separately control book and sheet delete flag, like you may want the book not to allow delete but individual sheet may allow.
| Command | Description | Examples |
|---|---|---|
| set worksheet write access flags |
|
layer -lt | print out current protection flags | |
page -lw n | set workbook write access flags | //the following will prepare the book for locking active sheet but allow analysis results added to book
|
page -lt | print out the current protection flags |
|
Admin Mode and Saving of OPJ
Once a project has Admin Mode enabled, namely Admin password has been set, it can no longer be overwritten from Origin without login. When an Admin enabled OPJ is open and before login, you may modify the OPJ in unprotected area and see the * added to the App title, to indicate dirtiness of the OPJ, but you will not be able to save the OPJ. You can also just exit Origin with a dirty OPJ and will not be prompted to save.
To modify and save an Admin enabled OPJ, you must first login with the Admin password.
Protecting Graphs
Even though the script commands described here were implemented for workbook and worksheet, the Delete flag is general and can be used in graphs as well. For example:
//only graph4 will be kept
repeat 10 {win -t plot};
win -o graph4 {page -lw hex(400)};
doc -e P {win -c};
Script Example
The following script sets up a workbook with a locked data sheet, and the workbook is also protected from deletion. The OPJ can then be saved and shared with others who can view, graph, and analyze the data, but cannot edit or delete. Analysis results need to go to additional sheets, so routines such as Smooth should use settings to send output to another sheet, as the data sheet will be protected in this example from any modifications.
// Import a sample file
newbook;
string fname$=system.path.program$+"Samples\Curve Fitting\Gaussian.dat";
impasc;
// Set password and login - change mypwd to your desired password string
doc -pwa mypwd;
doc -pw mypwd;
// Protect data sheet structure, prevent editing, deleting
lay -lw hex(482);
// Protect page from deletion
page -lw hex(400);
// logout
doc -pwx;
// Now you can save the OPJ and others can view data, graph, and also analyze
// Analysis results can go into new sheets, not new cols in same sheet