Manage user authentication and permissions.
Tutorials → User Interactions → Security | Tutorial | How-to Guide | Reference
This Tutorial Teaches you to:
- Add user authentication and permissions
- Implement role-based access control
- Protect Commands on Displays
Prerequisites:
1. Create Security Groups
To be able to change Security Permissions, first, you will need to:
- On the top menu, open Actions → Login
- User: Administrator
Password: blank (no pass)
Use Pre-defined Groups
This tutorial is intended to teach, so we are creating new Security Groups. In real-life projects, prefer to use the pre-defined groups (Administrator, Exclusive, User) whenever possible. If you want to skip the creation of new groups and follow the tutorial using the pre-defined ones, that is also a valid learning path.
Navigate to Security → Permissions and configure groups:
| Operators | Supervisors | Administrator | |
|---|---|---|---|
| Run | ToolsSetValues | ToolsSetValues + Shutdown | Unrestricted |
| Edit | Nothing | Everything but Security | Unrestricted |
2. Set Security Policies
Go to Security → Policies and configure an Enhanced policy that will be applied to all users created in this tutorial.
Password Requirements
For the Enhanced policy, open the Identification section and set:
- PasswordMinLength: 8 characters
- PasswordHistory: 3
- Max age: 90 days
- BlockOnInvalidAttempts: 3
Session Settings
For the Enhanced policy, open the Session section and set:
- Auto-logoff: Inactivity
- Timeout: 15 minutes
You can repeat the same procedure to create additional policies (for example, a longer-timeout policy for Supervisors and a no-timeout policy for Administrators) and assign them per user in the next step.
3. Define Users
- Go to Security → Users
- Create users:
| User | Group | Password | Policy |
|---|---|---|---|
| operator1 | Operators | oper123 | Enhanced |
| supervisor1 | Supervisors | super456 | Enhanced |
| admin | Administrator | admin789 | Enhanced |
4. Secure Display Elements
Login Page
By default, the solution already has a default page named LogOn. This page contains the required logic to control user logon on the system once it is running. Feel free to navigate to this display and get yourself familiar with it.
Display Current User
- Go to Displays → Draw → MainPage
- Add a TextBlock:
- LinkedValue:
User: {Client.UserName}
- LinkedValue:
- Run the solution
- Log on using the LogOn page
- Check the user that is currently logged on the solution
Restrict Controls
For critical controls (e.g., setpoint changes):
- Add a TextBox to the MainPage
- Double click the control, go to Dynamics and check Security
- Check Verify Permissions, and set it to Administrator only
- Run the solution
- Log on using the LogOn page with the Operator user and confirm the control is read-only
- To also make the control not visible based on Security:
- Double click the control, go to Dynamics and check Visibility
- Check Hide when security is disabled
- Run the solution
- Validate that the control is hidden based on the logged-in user's security level
→ Modules / User Interactions / Security Module → Tutorials / User Interactions / Security Module Tutorial → How-to Guides / User Interactions / Security Module How-to Guide → Technical Reference / User Interactions / Security Module ReferenceSecurity Module Links
Explanation - to understand concepts
Tutorials - to learn by doing
How-to Guides - to accomplish specific tasks
Reference - technical details
In this section...