Menu
Is free
registration
home  /  Education/ Disable active users 1s 8.3. How to kick users out of the database

Disconnecting active users 1s 8.3. How to kick users out of the database

Hello Dmitry! Please teach me how to expel users forcibly from the database in order to update the configuration. Thanks in advance.

From user: Svetlana Nikolaevna

Hello, Svetlana Nikolaevna!

In order to expel users from the database, you need to have administrator rights.

We go to the section Administration, Support and service:

We choose Blocking users:


From the form, click on the button to view the list of active users.

We fill in the message that users will see on their screens, set the blocking interval (if you do not know the end time, leave the field blank). Set also unlock code since the blocking will also affect your active session, for example, install 1234 .

Push Set lock... A warning message will appear:


We agree. Now in the form it is written in red that the blocking will begin soon.


At this time, active users have the following window:


Closer to the beginning of the blockage, it begins to appear every minute:


The user needs to complete his work in the program and exit. If it does not exit on its own, the program will close automatically. When trying to enter the database, the user will receive the following warning:


The user who has set the lock also receives a message:


Let's leave the base.

Because the blocking applies to all sessions of all users, we need to set the launch parameter (this is where we need Unlock code):



On the second tab, we write the parameter for launching the database (where 1234 is our code):


Click done. Now we can enter both the configurator and the user mode.

To unlock the base, you need to return to the lock form and press Remove the lock.


If the end date of the blocking has been set, then when it occurs, the blocking will end automatically.

Software products based on the 1C platform have many functions, both specialized and applied, that is, administrative. The core functionality (of course, depending on the purpose of the solution) concerns such areas as the purchase of goods, their sale, warehouse, operational and management accounting, accounting, CRM, and in the case of complex solutions - all together.

Naturally, one employee is not able to control all business processes of an organization, even if they are automated. Therefore, administrators of 1C systems have to deal with dozens and hundreds of users working with certain system functionality. Each of them has to set up special rights so that they have at the same time everything and only the documents, functions and reports they need. And here we begin to consider the applied or administrative functionality of 1C solutions, which just includes setting up user access rights.

User settings 1C 8.3

Special objects of the configuration structure - "Roles", are responsible for user rights in 1C 8.3. Most typical configurations already have a specific list of predefined roles created. You can use them when creating accounts and setting access rights for them. If the standard set does not suit you, then you can change it or add your own roles.

Each user can be assigned several roles that are responsible for specific rights. In order to configure the rights of 1C users, you need to find out what roles they have now. This information can be obtained in two ways:

  • Through the configurator. This option is suitable for any configuration;
  • In some configurations, through the "Enterprise" mode.

Run the configurator of your 1C database under a username with full rights and open the "Administration" -> "Users" menu. To find out the rights of a particular user, you need to double-click on the line with his last name and go to the "Other" tab. The checkbox will mark those roles that are available to the user. To add or remove a specific role, change the flags and click OK.



If after the analysis you understand that the standard roles cannot fully satisfy the requirements for the differentiation of rights, then you need to change them. To do this, find the required role in the configuration tree and double-click it to open it. On the left side of the window that opens, you will see a list of all configuration objects. On the right side, the checkboxes mark those actions, the rights to which are assigned in this role, in relation to the selected object on the left.



You can not only give and remove permissions for certain actions with configuration objects by checking and unchecking the checkboxes. In addition, a very convenient mechanism is built into the 1C platform, which is responsible for restricting user rights at the record level - RLS. It allows you to set a condition, only when fulfilled, the user will see the infobase data. Using RLS, user rights in 1C 8.3 can be configured so that, for example, each specific storekeeper will see information only for his warehouse.

Another way to add rights to an object to a user without changing the standard roles is to create a new role. To do this, click on the "Add" button while in the "Roles" configuration branch and name the new object. In the window that opens, on the left, find the required configuration objects, and on the right, set the required rights and restrictions. After saving the new role, you need to update the configuration, go to the list of users and add the new role to specific users.

The responsibility of the administrator of the 1C infobase is not limited to the creation of users and the distribution of rights. Employees can change, responsibilities can be redistributed, and administrators must respond quickly to all these changes. If an employee who performed certain functions in 1C resigned, then it is necessary to disable the 1C user so that former colleagues do not use the account. The list of users, which can be opened in the configurator in the "Administration" menu, will help us with this.


Having opened the 1C user settings, you need to remove the checkboxes responsible for finding the employee's name in the selection list and authentication. Thus, you prohibit logging in under the last name of the departed employee and save the access rights settings in case the employee returns. Also, these settings will come in handy if all powers are transferred to a new employee - you do not have to re-configure the roles.

It is also not recommended to completely delete the user due to the fact that the system contains links to the responsible user in various documents. If you delete an entry, there will be broken links and misunderstandings about who created specific documents, which can lead to confusion. It is much more effective to disable the 1C user from entering the system, and in some cases to completely remove the rights (roles). Also in some companies there is a practice to mark inactive users with a specific icon in the "Name" field, for example: "* IvanovaTP".

In some cases, the 1C administrator may need to urgently "throw out" users from the 1C database. This can be done in two ways:

  1. Through the "Enterprise" mode from a user with administrative rights. Not supported by all configurations;
  2. Through the application server using the 1C server cluster console.

To use the first option, you need to go to "NSI and Administration", open "Service" and run the "Active users" form. We will see a list of active users and on top of the button "End", clicking on which will forcefully end user sessions. In addition, in this list, you can see the computer name and start time, which will help track hung sessions.


The second option for disabling active users requires more attention and responsibility, since most often the cluster console is placed on the application server. If you have access to this server control panel, then you can end the user session in the following way:

  1. Open the cluster console;
  2. We go to the list of infobases and open the sessions we need;
  3. Find the required user in the list;
  4. We call the context menu by pressing the right mouse button, there will be a function - "Delete".


In the 1C platform, developers have a convenient mechanism for setting rights and managing users. Therefore, the described capabilities are available to the owners of all configurations, even those written on their own. Another advantage is the lack of demand for deep knowledge of the 1C system. Any responsible and attentive administrator is able to cope with these operations.

The need to force user shutdown occurs mainly in the following cases:

  • Updating the information base;
  • Adding a new metadata object to the configuration;
  • Carrying out preventive and repair work on the server;
  • A hung user session preventing the application from restarting.

In this article, we will try to tell you how to end a user session, what tools are in the administrator's arsenal to complete this task, what completion options are provided by the file, and which are the client-server version of 1C operation.

It is important to remember that data loss can occur if the session is forcefully terminated. So in order to avoid unpleasant situations, it is advisable to warn users in advance about the disconnection.

Closing sessions from the configurator

When changes are made to the database structure, dynamic configuration updates are not available. And an information window appears on the screen (Fig. 1).

The sequence of actions in this case is obvious:

  1. It is necessary to press the button "End sessions and repeat";
  2. Wait for the database restructuring window;
  3. Click "OK".

It should be noted that changes made to the program code do not require users to shut down; however, without restarting the application on each specific computer, they will not work on this device.

Ending sessions directly from the program

Most of the standard products of the company 1C of the eighth version have a mechanism in their set that allows you to remotely shut down the user without much difficulty and provide the administrator with exclusive access to the database. This is the "Blocking infobase connections" processing.

You can find it at one of two addresses:

  1. In one of the submenus of the "Service" section;
  2. Going to the section Operations-> Processing.

Fig. 2

The appearance of the processing is shown in Fig. 2.

Features of this processing:

  1. Checking and unchecking the checkbox, and clicking the "Record" button enables and disables blocking users, deleting sessions and preventing the creation of new connections;
  2. The blocking end time cannot be empty or less than its start time;
  3. In the case when the parameter "Permission code" is set, it can be written in the startup line, to ignore the blocking, by specifying "/ UC" before the code;
  4. If you do not specify the "Permission code", then before the expiration of the blocking period it will be problematic to get into the database (in the file mode of operation, you can try to delete the 1CVcdn file from the database folder);
  5. If, instead of the parameter "/ UС" and the password separated by a space, you specify "/ CAllowWorkUsers", where C is Latin, you can completely disable blocking for all users;
  6. Pressing the "Active users" button brings up a window with a complete list of users (Fig. 3), from where you can open the "Registration log" or end the session of each specific user.

Fig. 3

The above two options work fine in both file and client-server modes. Further we will consider cases typical only for server work.

Removing users from rdp

It is important to remember that disconnecting user sessions from servers is possible only if you have certain rights to this action.

When working from a remote desktop, you can end user sessions using the standard task manager. Simple interruption of sessions is a bit wrong, but quite effective way.

The second option is to use the task manager - a remote connection with the ability to control each specific session and exit the program according to all the rules. This method is long, and no one guarantees that while one user is logging out, the program will not be launched by some other employee.

Removing users via the server console

Having administrator rights for a 1C server cluster, you must:


Very often, when working in server mode, hung user sessions are not visible by means of the platform; they can be deleted only through the console.

The most radical way to interrupt sessions

A situation when the above methods did not work happens extremely rarely. But if it occurs, there is another radical way to interrupt connections to the database: physically restarting the server.

Of course, users who do not have time to finish their work and save the data will be extremely outraged by such a shameless attitude, but it is fast and extremely effective.

- Vasya, from today you start users!
- But I'm a programmer, not a system administrator ?!
- Sysadmins do not know 1C, so you will start users!
- Aaaaa !!!

A programmer is a person who writes programs for a computer. However, the management of the list of users in 1C is usually entrusted to the one who is associated with 1C, namely the 1C programmer.

In principle, some programmers do not mind, since this gives them some "privileges" in their hands.

Nevertheless, the list of users in 1C does not differ much from the lists of users in other programs. Therefore, creating a new user or disconnecting an existing one is as easy as shelling pears.

1C users

So, 1C has its own list of users. With it, access to the 1C database is regulated. When entering the database, 1C will ask you to select a user from this list and enter a password.

There are options in which 1C does not ask for a username to log in. However, this does not mean anything at all . It's just that in this case, the user from the list is mapped to the Windows / domain user and is automatically detected. How

The only option when 1C does not really ask the user is when creating a new (empty) database. In this case, the list of 1C users is empty. Until the first user is added, 1C will log in automatically. A similar system is used in Windows with one user without a password.

1C users differ from each other:

  • Access rights
  • Interface (available in the menu items).

As such, there is no "superuser" or "group of administrators". An administrator is the user who has all rights in the configuration and administration rights enabled. In an empty database (when the list of users is still empty), this user should be added first.

Two lists of 1C users

In fact, 1C has two lists of users. One of them (the list of 1C users) is "real" from the programmer's point of view. It is located in the configurator. It is according to him that 1C determines the user.

This is the approach of old typical configurations (for example, trade management 10, accounting 1.6, etc.) - users are edited in this list, and they are automatically added to the user guide when they first log in.

The second (users of version 1C 8.2, "not real") is the users directory (and the external users directory, as in ut 11). The reference book existed before, but the approach of the new typical configurations is that users start in it, and they automatically enter the "real" list.

The main byaka of this approach is that those who do not like to work this way and want to do it the same way - they cannot do this, since certain fields are filled in at the institution, and if you add a user with pens in the list, then they will no longer be picked up in the reference book automatically.

How to add a user to the list of 1C users

So, the list of 1C users is in the configurator. and open the Administration / Users menu.

To add a user, you must press the add button (or Ins from the keyboard). If the list is now empty, then the first user must have administrative rights (see below).

  • Name - username (which he will choose when entering 1C)
  • Full name - reference name, does not appear anywhere
  • Password
  • Show in picklist
    o if the checkbox is checked, then the user will be in the selection list when entering 1C
    o if the checkbox is not checked, then the user will not be in the selection list (that is, it cannot be selected), but you can enter his name from the keyboard and enter
  • Operating system authentication - can be associated with a Windows / domain user and this user will not need to enter a password (it will log in automatically).

On the Other tab, you can select the rights and basic settings of the user.

  • The main interface is a menu that will be available to the user (used only in the thick client)
  • Russian language
  • [Main] Startup mode - thick or thin client, using this parameter you can enter the configuration of the thin client - thick and vice versa
  • Available roles (user rights).

User rights in configurations are usually divided into blocks ("roles"). In the old configuration approach, they were broken down by user positions (cashier, manager, etc.). This approach has a drawback - since in different organizations the cashier and manager may have different functions.

Therefore, in the approach of new configurations, they are broken down by actions (access to closing the month, access to cash transactions). That is, a set of operations is set for each user.

In both cases, you have basic access rights to enter the program. In the old approach, this is:

  • User
  • Full Rights (for administrator).

In a new approach, these are:

  • Basic Rights
  • Basic Rights
  • Launching Thin Client - plus LaunchingXxxClient to launch others
  • SubsystemXxx - a check mark for each subsystem (tab in the interface) that the user needs
  • Full Rights (for administrator, not Administration!).

PS. Basic rights are not required for external users.

How to add a 1C user - 1C 8.2 users

The list of 1C 8.2 users in the new version is located in 1C (in 1C Enterprise mode), in the Users and External users directories (only if the configuration supports). The difference is that you should not create users in the configurator, but in this guide, and they will be automatically sent to the configurator.

If you are using a thin client, see the Administration tab of the desktop. Otherwise, open the User directory, for example, through the Operations menu.

Click the Add button (or Ins from your keyboard). For you to manage the list of users, you must have the FullRights rights enabled.


Unlike the first approach, here you do not directly specify each right (role) to the user, but specify the groups of rights (user groups).

The User groups reference contains a profile that defines a set of rights (roles). In the User group profiles reference, you can change or add such sets of rights (roles).

1C user settings

In some configurations (especially in the configurations of the old approach), it is not enough to create a user. Additionally you need:

  • Login for the first time in the system
  • After that, find the user in the user guide
  • In the form of the reference press (options "or")
    o Menu Go / User Settings
    o Menu Additional information / User settings and Additional user rights
    o In some configurations, this is a plate directly in the user form
    o In some configurations the global menu of the program Service / User Settings
  • Configure additional settings / user rights that define autocomplete fields and some access.

How to disable a 1C user

[Temporary] user disconnection is not provided in most configurations. Here are the variations you can use to achieve this result.

Old approach configurations (via configurator):

  • Delete user
  • Change password
  • Remove the role User (will not be able to log in).

New Approach Configurations (Through Enterprise):

  • Uncheck the Access to inf. base allowed
  • Change password
  • Exclude from all access groups.

Active users of 1C

1C allows you to find out the list of users who are currently in the database.

To do this, in Enterprise mode, select the Tools / Active Users menu (thick client, administrative interface). In the thin client - the Administration tab, on the left Active users (maybe in See also).

In the Configurator mode, select the Administration / Active users menu.

Disconnecting 1C users

As you know, in order to update the database (configuration), it is necessary that all users exit 1C (not in all cases, but often required).

Users do not like to go out (this is a fact). And if you ask them by phone, they will surely come back in 30 seconds. With 200 users, it becomes a lot of fun.

Therefore, there are three ways to disconnect users from 1C:


Administration and control of 1C 8.3 users is an integral part of the implementation and support of any 1C software product. In fact, this is not a difficult task, and, I am sure, anyone can handle it without any problems. Let's consider the process of administering 1C users in more detail.

User management in 1C is a fairly simple and intuitive process, but it still needs a description.

Conditional administration and control includes:

  • user creation;
  • setting user rights;
  • viewing active users;
  • analysis of user actions.

Let's consider each of these points in more detail:

Creation and installation of user rights 1C 8.2

Depending on the configuration, users are entered either in the configurator or in user mode. Almost all modern configurations support user input in 1C: Enterprise 8. Also, in 1C: Enterprise, as a rule, additional user parameters are entered.

However, regardless of the configuration, the first user with administrative rights is always entered in configurator mode. Therefore, we will cover both modes of user input.

Entering users in the Configurator

To enter the 1C Configurator mode, select the Configurator option in the base selection list:

After logging in, select the Administration - Users items in the menu. A list of users will open, if you create the first user, it will be empty. Add a new user "Administrator":

On this page, you must specify the user settings:

  • Name and Full name- user name.
  • If the flag is set Authentication 1C: Enterprise, then items will become available Password(the password that is used to enter 1C), User is prohibited from changing password(makes it possible for the user to change the password in user mode), Show in picklist(makes the selection of the user in the list available, otherwise the username must be entered manually).
  • Operating system authentication - flag responsible for the ability to authorize using the operating system username. User- username of the information system (for example, \\ dom \ kirill, where dom is the network domain, and kirill is the OS username). At startup, 1C first checks authorization through the OS, and then authorization 1C 8.2.
  • OpenID Authentication- enabling the possibility of authorization using OpenID technology ... OpenID is an open, decentralized system that allows a user to use a single account to authenticate across multiple unrelated sites, portals, blogs and forums.

Get 267 1C video tutorials for free:

In the tab Other you need to specify the appropriate roles for the user (). In our case, we will indicate for the administrator Full rights... For other users, the required roles can be flagged here. User rights are summarized from the available objects of different roles. Those. if a user has two roles selected, one has access to the Nomenclature catalog, and the second does not have access. For any user without "Full rights" the "User" role must be installed(if present).

Also on this tab you can specify Main interface(only works for regular forms). Default language- if the configuration is developed in several languages. Launch mode- a managed or regular application.

Creating a user in 1C Accounting 2.0

After a user with full rights is registered in the system, users can be entered in 1C: Enterprise mode. For example, let's create a user in the most common configuration - Enterprise Accounting 8.2.

To do this, select the item in the menu Service - User and Access Management... The "Users" directory will open. Create a new user:

Fill in the information about the user and his main ones, click the "OK" button: the system will offer to automatically create a database user:

You must agree, the new database user form will be displayed:

That's all! The creation of the user and the assignment of rights to him is completed.

Viewing active users in the 1C database

To view the users working in the database in 1C: Enterprise mode, select the item Service - Active users... A list of users working in the database will open:

How to disable users in 1C 8.3 and 8.2

You can disconnect an active user in the 1C database in two ways:

  • in the program interface (for configurations 1C Accounting 3.0, Trade Management 11, etc.);
  • via the server cluster console (available only in the client-server mode of operation).

From the interface

In user mode, you can throw out a hung user by going to the "Administration" - "Support and maintenance" menu, then selecting the "Active users" item:

Select the desired user in the list and click the "Finish" button.

From the cluster console

If you have access to the administrative panel of the 1C server, you can end the session using it. We go into the console, find the hung user in the Sessions menu, call the context menu and click Delete:

User control 1C 8.3

To view the history of user work, go to the menu in the item Service - :