On the "Configuration | Server | License Access Permissions" page you define settings managing all client accesses to CodeMeter License Server.

information_weiss_klein26

Please note, that you previously must have configured CodeMeter License Server (CodeMeter.exe) as a network or a CmWAN server ("Server Access").

At the same time, also the license access permissions for localhost are managed.

On access configuration you can select among a basic and an advanced mode.

The basic mode allows adding client computer and IP addresses for accessing CodeMeter License Server.

The advanced mode allows, for example, specifying global and specific access rules for accessing licenses and reserving license access for single staff member or complete Active Directory groups.

Please select the desired License Access Permissions mode.

information_weiss_klein26

Please note that for the operating systems macOS MacOS and Linux LINUX the use of the advanced mode for license access permissions is possible in principle, but that the configuration of group rules is not supported.

However, the operation of Linux/macOS clients on CodeMeter License Servers under Windows is possible, if the clients are located in a Windows domain. Operation from Windows clients to CodeMeter License Servers under Linux/macOS is currently not possible.

Basic Mode

CodeMeter WebAdmin – "Einstellungen | Zugriffsschutz“

Figure 52: CodeMeter WebAdmin - "Configuration | Access Control“

Element

Description

Clients

Shows a list of all client PCs which have the privilege to use CodeMeter License Server, i.e. to allocate a license.

information_grau_klein26

When this list is empty, each CodeMeter client on the network is able to use CodeMeter License Server. This is the default setting.

To add a new client to the client list, please proceed as follows:

1.

Click the "Add" button.
A prompt dialog displays.

wadmin_einstellungen_zugriffsschutz_hinzufuegen_02

2.

Specify the PC name or the IP address of the client in the dialog.

3.

Click the "OK" button.
The PC is now added to the client list.

To remove a client from the list, please proceed as follows:

1.

Click the "Remove" button.
The PC is now removed from the client list

Enable FSB Access

If you own a CodeMeter Firm Security Box (FSB), this option activates the sharing of the FSB on the network. Then the FSB is able to be used by several users, for example, to program CmContainer or automatically protect applications.

information_grau_klein26

This option makes sense only for CodeMeter licensee with an individual CodeMeter Firm Code.

Click the "Apply" button to save the changes you have made. By a previous click on the "Default" button you save the default settings. Then the client list is empty, and the FSB is not available on the network.

information_grau_klein26

When you define access settings, in some cases, this requires the restart of the CodeMeter service. However, you do not have to eject or deactivate the CmContainer. After you specified the settings you are able to stop and then restart the CodeMeter service in CodeMeter Control Center. For non-Windows operating systems see here.

Additional access control of client list via whitelist and Blacklist

Alternatively, you also have the option to create a white or blacklist for the access of clients.

information_weiss_klein26

Please note that on specifying subnet masks only input dividable by 8 is accepted.

This so-called profiling you conduct for different operating systems at the following locations:

Operating System

Profile Creation

WIN Windows

Registry entry in HKLM/SOFTWARE/WIBU-SYSTEMS/CodeMeter/Server/CurrentVersion

MacOS macOS

/Library/Preferences/com.wibu.CodeMeter.Server.ini

LINUX Linux

/etc/wibu/CodeMeter/Server.ini.

The generation of the profile for CodeMeter License Server comprises the following versions (CodeMeter.exe, CodeMeterMacX, CodeMeterLin).

information_weiss_klein26

When you edit the *.ini files in the case of macOS and Linux, you must stop the service CodeMeter License Server before. Otherwise, changes you have been made do not apply.

Parameter

Description

Client<index>=<Subnetz>[,<serial>[,FC[,PC]]]] (Whitelist)

Whitelist:
These parameters hold the IP addresses of client PCs on the network which have the privilege to access the local CodeMeter License Server. When the IP address of a client is not on this list, the access is denied.

If no whitelist exists, no other restrictions apply. The specification of subnets is possible.

The syntax is as follows:
Client<index>=<Subnetz>[,<serial>[,FC[,PC]]]

The serial number has to follow the pattern MaskByte-Serial Number (e.g. 1-1179681).

Example:

Client1=192.168.0.0/24,1-123456,10,13

this addresses all computer ranging from 192.168.0.0 to192.168.0.255 (Class C). Usually are also /8 (Class A) and /16 (Class B).

The serial number, FC, and PC are optional.

information_grau_klein26

This whitelist corresponds to the client list in CodeMeter WebAdmin.

Blacklist<index>=<Subnetz>[,<serial>[,FC[,PC]]]]
[SZ, optional]

Blacklist:
These parameters hold the IP addresses of client PCs on the network which have no privilege to access the local CodeMeter License Server. When an IP address of a client is on this list, the access is denied.

If no blacklist exists, no other restrictions apply.

The syntax is as follows:
Blacklist<index>=<Subnetz>[,<serial>[,FC[,PC]]]

The serial number has to follow the pattern MaskByte-Serial Number (e.g. 1-1179681).

Example:

Blacklist1=192.168.0.0/24,1-123456,10,13

this addresses all computer ranging from 192.168.0.0 to192.168.0.255 (Class C). Usually are also /8 (Class A) and /16 (Class B).

The serial number, FC, and PC are optional.

Advanced Mode

The advanced access control mode allows the controlling of license access using access rules. The license access by single staff members but also of complete Active Directory groups can be organized. The detection of single staff members (user name) and groups happens automatically without any integration efforts. An update control element is available.

WebAdmin_settings_server_access_advancedmode

Figure 53:: CodeMeter WebAdmin - "Configuration | Access Control“ - Advanced Access Control Mode

The advanced access control mode allows the controlling of license access using access rules. The license access by single staff members but also of complete Active Directory groups can be organized. The detection of single staff members (user name) and groups happens automatically without any integration efforts. An update control element is available.

The list of License Access Permissions (access control list) can be exported or imported in a *.json format using the command line tool cmu32.

Two types of access rules exist:

global access rules

specific access rules

The global access rules control the license access to all CmContainer. If specific access rules have been defined, then these are exempted from the global access rules.

The specific access rules control license access to separately specified license entries for ISV or applications (Firm Code, Product Code, Containers). Then the specific access rules are valid and for matching license entries the global access rules are ignored.
Coupled with a limitation of user here also the number of available licenses can be set for each rule, and licenses can be reserved. This can set specific limits e.g. for some departments, while keeping one license reserved for exclusive use.

In some cases, different Product Items with the same Product Code are present, for instance, if the same software was bought with different license options. In such instances, the Product Items can be identified using associated Product Items Text, and rules can be defined for each Product Item.

The following conditions hold true for access rules:

access rules are created, edited and deleted in a separate area or dialogs.

access rules may cover several rules. Rules are processed top-down, which means that the order of the rules is decisive for the result.

access rules conclude with an area defining the default setting for all license accesses which are not covered by rules.

If specific access rules are defined, the most specified available access rules apply. If no rules are configured for the Product Code, the rules for the Firm Code apply. If no Firm Code rules exist, the global rules apply.

Active Direcory

A separate refresh button supports retrieving and thus reading of complete Active Directory groups and users.

information_weiss_klein26

Please note, that you previously must have configured CodeMeter License Server (CodeMeter.exe) as a network server ("Server Access").

WebAdmin_settings_server_access_advancedmode_new_AD

The automatic filling of the drop-down list boxes Users and Groups is done by clicking the button refresh. In combination with a mouse-over pointer to display the tooltip texts, information on the following states is available.

Status

Tooltip Text

Data not yet retrieved

Click button to retrieve data from Active Directory.

Data currently being retrieved for the first time

Retrieval from Active Directory in progress.

Data is available

{x} users / {y} groups retrieved from Active Directory.

Data is available and currently retrieved

{x} users / {y} groups retrieved from Active Directory. Retrieval from Active Directory in progress.

An error has occurred, e.g. Active Directory not reachable.

Error on retrieving data from Active Directory.

Creating the global access rules

In order to create the global access rules to control license access globally for all CmContainer, please proceed as follows:

1.Select the "Global access rules" item in the left tree view.

2.Click the "Add new access rule" button.
A dialog for defining a new rule displays.

CodeMeter WebAdmin – "Einstellungen | Zugriffsschutz" - Globales Regelwerk

3.Click the "Allow" or "Deny" radio button in the area Action to decide, whether the following license access by client is to be allowed or denied.

A client access can be defined by one of the following parameter: Host name, Subnet address User or Group name.

4.Specify the desired parameter in the respective field.
If an active directory is connected, a separate button enables automatic filling of the User and Group fields (see here).

5.Click the "Add" button to add the new rule.
A click on the "Cancel" button cancels the process.

The new rule displays in the right rule view.

If you defined several rules, you may change the rule sequence by using the arrow symbols wadmin_einstellungen_zugriffsschutz_advanced_sortup wadmin_einstellungen_zugriffsschutz_advanced_sortdown. Rules are processed top-down, which means that the order of the rules is decisive for the result.

Using the "Edit" or "Delete" link allows you to modify a completely delete a rule.

6.Define the default setting for all license accesses which are not covered by rules.
You have the option to set the Default action to allow or deny license access.

Click the "Allow" or "Deny" button.

7.Click the "Apply" button in the lower part to save the changes made to the global access rules. Using the "Undo Changes" button reverts the global access rules prior to the modification, and the "Restore Defaults" button applies the default settings.
If you apply the changes made, please restart CodeMeter License Server.

beispiel_en

The figure below shows an example of global access rules. It allows the global license access additionally by a guest user. All other licenses accesses are also allowed, if no specific access rules specify otherwise.

CodeMeter WebAdmin - "Configuration | Access Control“ - advance Mode- global ruleset

Figure 54:: CodeMeter WebAdmin - "Configuration | Access Control“ - advanced Mode- global access rules

Creating specific access rules

In addition to defining the global access rules, you have also the option to control the license access to specific separate license entries. Here you define specific access rules for separate defined Firm Codes, Product Codes or Containers (Serial Numbers).

Firm Code-specific access rules

In order to create specific access rules to control license access to separate Firm Codes, please proceed as follows:

1.Select the "Specific access rules" item in the left tree-view.

2.Click the "Add Firm Code" button.
The dialog for selecting a Firm Codes displays.

CodeMeter WebAdmin – "Einstellungen | Zugriffsschutz" Eintragsspezifisches Regelwerk Firm Code

3.Select the Firm Code and click the "Add" button.
New specific access rules valid for this Firm Code display in the right rule view.

wadmin_einstellungen_zugriffsschutz_advanced_firmcode_10

4.Click the "Add new access rule" button.
A dialog for defining a new rule displays.

CodeMeter WebAdmin – "Einstellungen | Zugriffsschutz" - Globales Regelwerk

5.Click the "Allow" or "Deny" radio button in the area Action to decide whether the following license access by client is to be allowed or denied.

A client access can be defined by one of the following parameter: Host name, Subnet address User or Group name.

6.Specify the desired parameter in the respective field.
If an active directory is connected, a separate button enables automatic filling of the User and Group fields (see here).

7.Click the "Add" button to add the new rule.
A click on the "Cancel" button cancels the process.

The new rule displays in the right rule view.

If you defined several rules, you may change the rule sequence by using the arrow symbols wadmin_einstellungen_zugriffsschutz_advanced_sortup wadmin_einstellungen_zugriffsschutz_advanced_sortdown. Rules are processed top-down, which means that the order of the rules is decisive for the result.

Using the "Edit" or "Delete" link allows you to modify a completely delete a rule.
If you delete Firm Code-specific access rules using the "Delete rule list" button, then also all Product Code-specific access rules - if existing - are deleted.

8.Define the default setting for all license accesses which are not covered by rules.
You have the option to set the Default action to allow or deny license access.

Click the "Allow" or "Deny" button.

9.Optionally, you are able to clone an existing rule set for a Firm Code (FC) 1:1 to another Firm Code.

Click the button "Clone FC rule set" to open a dialog which allows to select a target Firm Code. Clicking the button "Clone" starts the process.

CodeMeter WebAdmin - "Einstellungen | Zugriffsschutz“ - erweiterter Modus-

Clicking the button "Delete FC rule set" deletes all rules.

CodeMeter WebAdmin - "Einstellungen | Zugriffsschutz“ - erweiterter Modus-

information_weiss_klein26

Please note that not only the Firm Code rule set is removed but ALL rules also for any subordinate Product Codes.

10.Click the "Apply" button in the lower part to save the changes made to the global access rules. Using the "Undo Changes" button reverts the global access rules prior to the modification, and the "Restore Default" button applies the default settings.
If you apply the changes made, please restart CodeMeter License Server.

beispiel_en

The figure below shows an example Firm Code-specific access rules. It allows the license access to the complete Firm Code 10 by a guest user and the complete support department. All other licenses accesses are also allowed, if no specific access rules specify otherwise.

CodeMeter WebAdmin - "Configuration | Access Control“ - advanced Mode - specific ruleset - Firm Code

Figure 55:: CodeMeter WebAdmin - "Configuration | Access Control“ - Advanced Mode - Specific access rules - Firm Code

 

Product Code-specific access rules

Specific access rules which refer to Product Codes also offer the option to reserve license accesses to defined clients. This, for example, allows to organize license access for separate departments while at the same time reserving exclusive license access for the heads of departments.

In order to create specific access rules to control license access to separate Product Codes, please proceed as follows:

information_weiss_klein26

Creating a Product Code-specific access rules requires a previously created Firm Code-specific access rules.

1.Select the "Specific access rules" item in the left tree-view.

2.Click the "Add Product Code" button.
The dialog for selecting a Product Code displays.

CodeMeter WebAdmin - "Configuration | Access Control“ - advanced Mode - specific ruleset - Product Code

Checkbox "Distinction based on Product Item Text" .

3.Select the Product Codes and click the "Add" button.
A new specific access rules valid for this Product Code displays in the right rule view.

At the same time, the entry displays information on the License Quantity, i.e. the number of concurrent licenses on a network.
This number is not to be exceeded, if later defining limits to the number of accesses.

CodeMeter WebAdmin - "Configuration | Access Control“ - advanced Mode - specific ruleset - Product Code

4.Click the "Add new access rule" button.
A dialog for defining a new rule displays.

CodeMeter WebAdmin - "Configuration | Access Control“ - advanced Mode - specific ruleset - Product Code

5.Click the "Allow" or "Deny" radio button in the area Action to decide whether the following license access by client is to be allowed or denied.

A client access can be defined by one of the following parameter: Computer name, Subnet address User or Group name.

6.Specify the desired parameter in the respective field.
If an active directory is connected, a separate button enables automatic filling of the User and Group fields (see here).

7.Specify the number of license accesses which can be optionally reserved for a defined client in the field Reserved. The field Limit states the allowed maximum of allocated license accesses by this client. The setting for a reserved license access always available for the client is: Reserved: 1; Limit: 1.

information_weiss_klein26

Please note that in the case of further specific access rules reservations and limits are added. The value of the License Quantity must not be exceeded.

information_weiss_klein26

If a rule applies but according to the limit set no licenses can be allocated by this rule, then it is assumed that the rule does not apply and the next rule is applied.

8.Click the "Add" button to add the new rule.
A click on the "Cancel" button cancels the process.

The new rule displays in the right rule view.

If you defined several rules, you may change the rule sequence by using the arrow symbols wadmin_einstellungen_zugriffsschutz_advanced_sortup wadmin_einstellungen_zugriffsschutz_advanced_sortdown. Rules are processed top-down, which means that the order of the rules is decisive for the result.

Using the "Edit" or "Delete" link allows you to modify a completely delete a rule.
In order to delete a complete Product Code-specific access rules use the "Delete rule list" button.

9.Define the default setting for all license accesses which are not covered by rules.
You have the option to set the Default action to allow or deny license access.

Click the "Allow" or "Deny" button.

10.Optionally, you are able to clone an existing rule set for a Product Code (PC) 1:1 to another Product Code.

Click the button "Clone PC rule set" to open a dialog which allows to select a target Product Code. Clicking the button "Clone" starts the process.

CodeMeter WebAdmin - "Einstellungen | Zugriffsschutz“ - erweiterter Modus-

Clicking the button "Delete PC rule set" deletes the complete rule set for this Product Code.

CodeMeter WebAdmin - "Einstellungen | Zugriffsschutz“ - erweiterter Modus-

11.Click the "Apply" button in the lower part to save the changes made to the global access rules. Using the "Undo Changes" button reverts the global access rules prior to the modification, and the "Restore Defaults" button applies the default settings.
If you apply the changes made, please restart CodeMeter License Server.

beispiel_en

The figure below shows an example of a specific access rules with exclusive access rights (Reserved: 1; Limit: 1) to the Product Code 201000 of Firm Code 10 for a guest user, the complete support department and a Supervisor. 2 license accesses of a total of 5 license accesses (license quantity) remains available and the default license access is defined as allowed.

CodeMeter WebAdmCodeMeter WebAdmin - "Configuration | Access Control“ - advanced Mode - specific ruleset Sample

Figure 56:: CodeMeter WebAdmin - "Configuration | Access Control“ - Advanced Mode - Specific access rules - Product Code

 

Container-specific access rules

Specific access rules which refer to Containers also offer the option to reserve license accesses to defined Containers. This, for example, allows to organize license access for separate departments while at the same time reserving exclusive license access for the heads of departments.

In order to create specific access rules to control license access to separate Containers, please proceed as follows:

1.Select the "Specific access rules" item in the left tree-view.

2.Click the "Add new Container" button.
The dialog for selecting a Container displays.

wadmin_einstellungen_zugriffsschutz_advanced_newcontainerrule

3.Select the Container and click the "Add" button.
New specific access rules valid for this Container display in the right rule view.

wadmin_einstellungen_zugriffsschutz_advanced_newcontainerrule_right

5.Click the "Add new access rule" button.
A dialog for defining a new rule displays.

wadmin_einstellungen_zugriffsschutz_advanced_newcontainerrule_checkbox

6.Click the "Allow" or "Deny" radio button in the area Action to decide whether the following license access by client is to be allowed or denied.

A client access can be defined by one of the following parameter: Host name, Subnet address User or Group name.

7.Specify the desired parameter in the respective field.
If an active directory is connected, a separate button enables automatic filling of the User and Group fields (see here).

8.Click the "Add" button to add the new rule.
A click on the "Cancel" button cancels the process.

The new rule displays in the right rule view.

If you defined several rules, you may change the rule sequence by using the arrow symbols wadmin_einstellungen_zugriffsschutz_advanced_sortup wadmin_einstellungen_zugriffsschutz_advanced_sortdown. Rules are processed top-down, which means that the order of the rules is decisive for the result.

Using the "Edit" or "Delete" link allows you to modify a completely delete a rule.

9.Define the default setting for all license accesses which are not covered by rules.
You have the option to set the Default action to allow or deny license access.

Click the "Allow" or "Deny" button.

10.Optionally, you are able to clone an existing rule set for a Container 1:1 to another Container.

Click the button "Clone Container rule set" to open a dialog which allows to select a target Container. Clicking the button "Clone" starts the process.

wadmin_einstellungen_zugriffsschutz_advanced_cloneContainer

Clicking the button "Delete Container rule set" deletes all rules.

wadmin_einstellungen_zugriffsschutz_advanced_deletecontainerrule

information_weiss_klein26

Please note that not only the Container rule set is removed but ALL rules also for any subordinate Firm Code rule sets and remove the current Container form the configuration.

11.Click the "Apply" button in the lower part to save the changes made to the global access rules. Using the "Undo Changes" button reverts the global access rules prior to the modification, and the "Restore Default" button applies the default settings.
If you apply the changes made, please restart CodeMeter License Server.

beispiel_en

The figure below shows an example Container-specific access rules. It allows the license access to the Container for the complete Firm Code 10 by a guest user and the complete support department. All other licenses accesses are also allowed, if no specific access rules specify otherwise.

CodeMeter WebAdmin - "Configuration | Access Control“ - advanced Mode - specific ruleset - Firm Code

Figure 57:: CodeMeter WebAdmin - "Configuration | Access Control“ - Advanced Mode - Specific access rules - Container