Security module manages user authentication, authorization, and access control.
Modules → Security | Tutorial | How-to Guide | Reference
Security Module Overview
It manages user authentication, authorization, and access control for both engineering and runtime environments, ensuring compliance with FDA 21 CFR Part 11 and other regulatory requirements.
Key Concepts
- *Users*: Individuals accessing the solution in Designer (engineering) or runtime (displays)
- *Permissions*: Access levels determining what users can view, modify, or execute
- *Policies*: Requirements for user identification, passwords, and session control
- *RuntimeUsers*: Dynamic users managed in external databases or authentication servers
- *Permission Groups*: Collections of users sharing common permission sets
- *SecuritySecrets*: Secure credential storage for API keys, tokens, and external service credentials used by scripts and connectors
- *EditSecurity*: Column-level concept controlling which users can edit a given configuration column at engineering time
What It Does
- Manages user authentication and authorization
- Controls access to engineering and runtime components
- Enforces password policies and session management
- Integrates with Active Directory, LDAP, and OIDC/OAuth2 identity providers
- Maintains audit trails for compliance
- Supports electronic signatures
- Enables dynamic runtime user creation
- Stores API keys and external service tokens through SecuritySecrets
Configuration Workflow
Security Module Configuration Workflow | ||
|---|---|---|
Step | Action | Description |
Define Groups | Create user groups | Set permission levels for each group |
Create Users | Add user accounts | Assign users to groups and set individual permissions |
Configure Policies | Set security rules | Define password requirements and session controls |
Setup External Auth | Configure AD/LDAP | Connect to enterprise authentication systems |
Define RuntimeUsers | Configure database | Setup encrypted SQL storage for dynamic users |
Runtime Behavior
Authentication
Users authenticate through local credentials, Active Directory, LDAP, or external databases. Session policies control timeout, concurrent logins, and automatic logoff.
Authorization
Permissions are evaluated at multiple levels:
- Global solution access
- Module-specific operations
- Display and object visibility
- Runtime actions and commands
Audit Trail
All security events are logged including logins, permission changes, and critical operations for compliance tracking.
Features Highlights
- *Group-Based Permissions* - Define access levels by user groups
- *Active Directory/LDAP Integration* - Enterprise authentication support
- *Runtime User Management* - Create/modify users without project changes
- *FDA 21 CFR Part 11 Compliance* - Electronic signatures and audit trails
- *NERC-CIP Support* - Critical infrastructure protection features
- *Multi-Level Security* - Global, module, display, and object-level permissions
- *Session Management* - Timeout, concurrent login, and auto-logoff policies
- *Encrypted Storage* - Secure credential storage in SQL databases
- *E-Signatures* - Electronic signature requirements for critical operations
- *.NET Security Framework* - Built on managed code security guidelines
- *Third-Party Integration* - Connect to external authentication systems
→ Modules / User Interactions / Security Module → Tutorials / User Interactions / Security Module Tutorial → How-to Guides / User Interactions / Security Module How-to Guide → Technical Reference / User Interactions / Security Module ReferenceSecurity Module Links
Explanation - to understand concepts
Tutorials - to learn by doing
How-to Guides - to accomplish specific tasks
Reference - technical details
In this section...