How to add an external printing form or processing. Pavel Chistov 8.3 safe mode is set operation is prohibited

Platform release 8.3.9.2033 introduced a new mechanism, "Protection against dangerous actions".

Thanks to this innovation, 1C now complains when an external processing is opened (and not only then):

Security Warning

Opens "My External Processing" from the file "My_External_Processing.epf"

It is recommended to pay attention to the source from which this file is obtained. If there is no agreement with the source on the development of additional modules, or there are doubts about the contents of the file, then it is not recommended to open it, as this may harm the computer and data.

Allow to open this file?

So 1C decided to fight against malicious code!

Where this “malicious code” will come from at the enterprise is still a mystery)

Potentially dangerous activities include:

  • Loading an external report, processing or configuration extension.
  • Loading or updating a configuration/extension.
  • Access from an external report/processing or extension to the following features:
      • Execution of an operating system command.
      • User management (recording or deleting information about an infobase user).
      • Calling the Connect() method of the manager of external processing (reports).
      • Calling the ConfigurationExtension.Write() method.
      • Working with COM objects.

How can this "miracle" be turned off?

To do this, start 1C:Enterprise in Configurator mode.
Select the menu "Administration" - "Users".
In the user list that opens, open the user's settings window and, on the “General” tab, clear the "Protection against dangerous actions" checkbox.

There are other ways to turn this off:

The platform also lets you specify a list of infobases for which protection against dangerous actions is disabled.
This function is controlled by the DisableUnsafeActionProtection parameter in the conf.cfg file, which allows you to disable the mechanism of protection against dangerous actions for all users of certain infobases whose connection strings match the masks specified in the DisableUnsafeActionProtection parameter.

In this parameter, you can specify several masks separated by the ";" symbol, for example:

DisableUnsafeActionProtection=test_.*;stage_.*;

In addition, protection against dangerous user actions can be disabled programmatically, for which the following parameters and properties are available:

  • The ProtectionFromDangerousActions parameter of the Connect() methods of external processing managers (reports)
  • The SafeActionProtection property of the ConfigurationExtension object before calling the Write() method of this object.

Checking the need for protection against dangerous actions is carried out in the following order:

1. If the "Protection against dangerous actions" checkbox is cleared for the current user, then protection is considered disabled.

2. If the infobase connection string matches one of the templates specified in the DisableUnsafeActionProtection parameter of the conf.cfg file, then protection is considered disabled.

3. If protection is explicitly disabled using the ProtectionFromDangerousActions parameter of an external processing or report, then protection is considered disabled.

4. If protection is explicitly disabled using the ProtectionFromDangerousActions extension property, then protection is considered disabled.
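
The mask list and the check order described above, as an added audit example (not code from the original page or from 1C): it reads DisableUnsafeActionProtection from conf.cfg text and reports which infobases end up without the protection. The connection strings are constructed, and because the page does not say whether a mask must cover the whole connection string, the unanchored search used by default is an assumption, with whole_string=True as the stricter reading.

```python
import re

# Constructed sample input: a conf.cfg line and infobase connection strings.
SAMPLE_CONF = "DisableUnsafeActionProtection=test_.*;stage_.*;\n"
SAMPLE_INFOBASES = [
    'Srvr="app01";Ref="test_acc";',
    'Srvr="app01";Ref="latest_prod";',  # contains "test_" inside "latest_"
    'Srvr="app01";Ref="acc_prod";',
]

def parse_masks(conf_text):
    """Collect the ';'-separated masks of every DisableUnsafeActionProtection line."""
    masks = []
    for line in conf_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == "DisableUnsafeActionProtection":
            masks += [m.strip() for m in value.split(";") if m.strip()]
    return masks

def matched_mask(conn_str, masks, whole_string=False):
    """Return the first mask that matches conn_str, or None.
    ASSUMPTION: masks are regular expressions applied as an unanchored search;
    whole_string=True models the stricter reading (mask must cover the string)."""
    match = re.fullmatch if whole_string else re.search
    for mask in masks:
        if match(mask, conn_str):
            return mask
    return None

def protection_state(conn_str, masks, user_checkbox=True, connect_param=True,
                     extension_prop=True, whole_string=False):
    """Apply the four checks in the order the page lists; return (active, reason)."""
    if not user_checkbox:
        return False, "user checkbox cleared"
    mask = matched_mask(conn_str, masks, whole_string)
    if mask is not None:
        return False, "conf.cfg mask " + mask
    if not connect_param:
        return False, "disabled in Connect() call"
    if not extension_prop:
        return False, "disabled by extension property"
    return True, "active"

def audit(conf_text, infobases, whole_string=False):
    """Protection state per infobase for a user whose checkbox is still set."""
    masks = parse_masks(conf_text)
    return {ib: protection_state(ib, masks, whole_string=whole_string)
            for ib in infobases}

if __name__ == "__main__":
    for ib, (active, reason) in audit(SAMPLE_CONF, SAMPLE_INFOBASES).items():
        print("ON " if active else "OFF", ib, "-", reason)
```

Under the unanchored reading, the mask test_.* also disables protection for latest_prod; check how your platform version applies masks before relying on them.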

When the client-server version of 1C is used, external processing and reports are opened in safe mode, in which the use of privileged mode is prohibited. Privileged mode is used very often in the standard configurations: generating printed forms, various service checks (registration of exchanges), and so on. As a result, even with an ordinary report built on the data composition system (DCS) without a form (the common form "ReportForm" is used by default) that saves the user's report settings (in the corresponding directory), you get an error about insufficient access rights to various constants and session parameters that are used for service purposes after the line SetPrivilegedMode(True);

The "correct" solution would be to connect external processing and reports through the "Additional Reports and Processing" mechanism of the Standard Subsystems Library (BSP), disabling safe mode or adding permissions (I believe this is available from BSP version 2.2.2.1). But if for some reason you need to use external report/processing files directly, you can configure a cluster security profile that is used as the safe mode security profile for a particular infobase.

I would like to note right away that this option is not the preferred one, but due to various circumstances it can be used in this simplified form. For example, I have several databases in different cities, a common local network with strictly limited rights, closed USB ports, and so on. Accounting 2.0 is used in some places and 3.0 in others, and I build almost all reports on the data composition system (DCS) without forms so that they open in both versions. Maintaining all these reports for different versions and different databases is a time-consuming and unpromising task, because there are plans to switch to a single configuration and base ...

We create a profile.
In the cluster console, create a security profile and set the flags "Can be used as a safe mode security profile" and, under "Full access allowed:", "to privileged mode".

In many cases involving reports and simple processing, this method is sufficient. For more complex situations there is no point in describing the process here, because it is covered in the documentation (the ability to configure security profiles for specific external files by specifying their hash sum, etc.).

P.S. I thought that security profiles only work with CORP-level licenses for the platform and server, but this functionality also works on the 1C:Enterprise 8.3 platform (which we can conditionally call PROF, by analogy with the standard configurations Basic / PROF / CORP).

When you run the Document Upload program as a normal user, the error "Safe mode is set. Operation is prohibited." occurs.

This happens because the user does not have sufficient rights to start external processing. To set the access rights, open the database in 1C:Enterprise mode as an administrator, go to the section User and Rights Settings / Access Group Profiles, and click "Create group".

Enter the name of the group and tick the roles available to users of this group:

  • Interactive opening of external reports and processing
  • Use of additional reports and processing

Click "Write and close".

Return to the Users menu and select from the list the employee who will work with the Document Upload program. Click Permissions. In the list of profiles, tick the profile you created earlier. Click "Write".


So that users can start the processing, it is recommended to add Document Upload to the list of external processing. To do this, in the menu Administration / Printing forms and processing / Additional reports and processing, create a new processing. Specify the path to the "DocumentUpload.epf" file and give it a name. Specify where in the menu the processing is placed, so that the user can start it from there later; for example, select the menu Directories.

By clicking the Quick access item, you specify which users the processing is available to.

After configuring, click "Write and close". To start the processing, users only need to log in to the database again, open it from the chosen menu (Directories in this example) and click Run.


Open Menu - All functions... and find the option "Using security profiles" in the list.


It is enough to uncheck the option "Security profiles are used".


After that, the program will run successfully.

Programmatic opening of external processing is carried out using the global context object ExternalProcessing, which has the type ExternalProcessingManager. For each operating mode of the 1C platform (regular application mode and managed application mode), different methods of the object are used to work with external processing.

Starting external processing in normal application mode

In a regular application, use the Create() method of the ExternalProcessing object, passing it the full name of the external processing file. The method returns an object of type ExternalProcessing; this object is the external processing being opened. If you need to open the external processing form, call the GetForm() method of the returned object, which returns the main form, and then call the Open() method to open it.


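// ExternalDataProcessors is the English-script name of the manager that the text calls ExternalProcessing.
Processing = ExternalDataProcessors.Create(FullFileName);
Processing.GetForm().Open();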

In external processing, the main form should always be a regular one, and the managed one should always be an additional one, otherwise the GetForm() method will not work in the normal application mode.

Start external processing in managed application mode

Managed forms mode introduces a separation of the algorithm by execution context. On the client, we get binary data by the full name of the external processing file. We transfer the received binary data to the server and place them in temporary storage. Next, you need to call the Connect() method of the ExternalProcessing object, to which the address to the temporary storage is passed. The method returns the name of the connected external processing. We return the name of the external processing on the client, form a string path to the processing form, and use the OpenForm() method to open the external processing form.

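&AtServer
Function GetExternalProcessingName(BinaryData)
    // ExternalDataProcessors is the English-script name of the manager that the text calls ExternalProcessing.
    // Place the binary data in temporary storage and connect the processing from that address.
    AddressInTempStorage = PutToTempStorage(BinaryData);
    Return ExternalDataProcessors.Connect(AddressInTempStorage);
EndFunction

&AtClient
Procedure OpenExternalProcessing(Command) // Illustrative handler name, not from the original page.
    FullFileName = ""; // Full name of the external processing file.
    FileData = New BinaryData(FullFileName);
    ExternalProcessingName = GetExternalProcessingName(FileData);
    // Build the form path from the name returned by the server and open the form.
    OpenForm("ExternalDataProcessor." + ExternalProcessingName + ".Form");
EndProcedure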

Safe mode for external processing

The Create() and Connect() methods of the ExternalProcessing object have the SafeMode input parameter, which indicates that external processing is connected in safe mode. If the parameter is not specified, the connection will be made in safe mode.
Safe mode is designed to protect the system from running "untrusted" program code on the server. The potential danger comes from external processing or from program code entered by the user for use in the Execute() and Calculate() methods.
Safe mode has the following restrictions:
  • privileged mode is canceled if it was set;
  • attempts to enter privileged mode are ignored;
  • operations with COM objects are prohibited;
  • loading and connection of external components is prohibited;
  • access to the file system is denied (except for temporary files);
  • access to the Internet is prohibited.
Processings opened interactively are not executed in safe mode, therefore it is recommended to implement the mechanism for opening external processing in safe mode, as well as to prohibit the user from opening external processing interactively at the rights level.
To prohibit the interactive opening of processings, in all roles assigned to the user, it is necessary to remove the "Interactive opening of external processings" right (see Figure 1).
Figure 1. Rights to interactively open external processing/reports
The "Interactively open external processing" right does not affect the ExternalProcessing object in any way.

Opening external reports programmatically is similar to external processing, but you should use the ExternalReports global context object, which is of type ExternalReportsManager.