Page History

Key Concepts

• *Users

Anyone

• *: Individuals accessing the solution

, either

• in Designer (engineering

(Designer Tool

• ) or

in

• runtime

mode

• (

Displays

• displays)

.

Permissions

Permissions are set levels of access for each user that determine what they can or cannot do within the solution.

Policies

Policies manage requirements on User Identification and Session Control.

RuntimeUsers

These users are created and retrieved from an external encrypted SQL database or other identification servers.

Features Highlights

The Security Module in FactoryStudio provides a range of features to ensure comprehensive security for your projects. Key features include:

• *Permissions*: Access levels determining what users can view, modify, or execute
• *Policies*: Requirements for user identification, passwords, and session control
• *RuntimeUsers*: Dynamic users managed in external databases or authentication servers
• *Permission Groups*: Collections of users sharing common permission sets

What It Does

• Manages user authentication and authorization
• Controls access to engineering and runtime components
• Enforces password policies and session management
• Integrates with Active Directory and LDAP
• Maintains audit trails for compliance
• Supports electronic signatures
• Enables dynamic runtime user creation

Configuration Workflow

Runtime Behavior

Authentication

Users authenticate through local credentials, Active Directory, LDAP, or external databases. Session policies control timeout, concurrent logins, and automatic logoff.

Authorization

Permissions are evaluated at multiple levels:

• Global solution access
• Module-specific operations
• Display and object visibility
• Runtime actions and commands

Audit Trail

All security events are logged including logins, permission changes, and critical operations for compliance tracking.

Features Highlights

• *Group-Based Permissions* - Define access levels by user groups
• *Active Directory/LDAP Integration* - Enterprise authentication support
• *Runtime User Management* - Create/modify users without project changes
• *FDA 21 CFR Part 11 Compliance* - Electronic signatures and audit trails
• *NERC-CIP Support* - Critical infrastructure protection features
• *Multi-Level Security* - Global, module, display, and object-level permissions
• *Session Management* - Timeout, concurrent login, and auto-logoff policies
• *Encrypted Storage* - Secure credential storage in SQL databases
• *E-Signatures* - Electronic signature requirements for critical operations
• *.NET Security Framework* - Built on managed code security guidelines
• *Third-Party Integration* - Connect to external authentication systems

• User Management: Easily create and manage user profiles with customizable access levels to project components.
• Group-based Permissions: Define the access level for each user group within the project.
• Session Policies: Manage user identification and session control requirements.
• Runtime Users: Dynamically add and remove users without needing to modify the project.
• Integration with Active Directory and LDAP: Seamlessly streamline user management across your organization.

Security

FDA 21 CFR Part 11 and NERC 

Our software platform offers various security and compliance features to assist organizations in meeting the requirements of FDA 21 CFR Part 11. It's important to recognize that compliance is a continuous process. Therefore, organizations should consistently monitor and update their systems and policies to ensure alignment with the standards set by the FDA.

Built-in .NET Security 

Our platform’s development relies on .NET and utilizes managed code, adhering to security guidelines. Development with .NET managed code must comply with .NET rules. Specific guidelines are tailored for different modules. For instance, Alarms adhere to FDA guidelines, while Electrical device communications adhere to IEC61850 standards, among others. Below, we'll outline the main FS-Security topics along with some basic information about each.

Group and User Permissions 

Using our platform, you have total flexibility to define privileges based on groups or individual users. Permissions can be set globally or linked to specific displays, objects, or input actions.

Runtime Users 

Easily create users on the fly and store their credentials in SQL databases. You can also retrieve users from Active Directory or third-party systems for integrated security and unified login.

User Policies

We offer a complete set of user management features, including identification policies, session duration control, automated logoff, e-signatures, audit trails, and more.

Redundancy

Hot-standby Fault-tolerant Servers 

Our platform provides reliable and easily configurable redundancy for seamless failover. It automatically initializes and synchronizes the primary and secondary servers. Additionally, setting up redundant physical networks and PLC nodes for device communication channels is straightforward.

Database Redundancy

You can assign the Alarm and Historian database to a third-party external cluster, or they can be automatically replicated when running on the platform’s servers.

Project Configuration Synchronization

The engineering tools offer features that simplify configuration and updates in redundant scenarios.

Hot-swapping

Redundant or stand-alone servers enable seamless switching of project versions, ensuring uninterrupted service for connected clients while maintaining the real-time database loaded.

Redundancy at the Core Level 

All modules, including Real-Time tags, Devices, Alarms, Historian, Scripts, and Clients, were built from the ground up to meet redundancy and hot-swapping requirements.