Security policies allow administrators to configure user identification, e-signature, and session management settings to ensure security compliance. The purpose is to define and enforce security rules. Main functionalities include setting password requirements, enabling e-signatures, and controlling session timeouts. Applications involve creating policies for user access control in solution environments.
On this page:
| Table of Contents | ||||
|---|---|---|---|---|
|
Configuring Policies
On Security → Policies, there are three main configuration columns that can be important for CFR 11 compliance.
Pre-defined Policies
The platform comes with a few predefined policies that you can use, or you can create your own.
Default
Enhanced
Critical
Policies (Reference) enforce password requirements, electronic signatures, and session management rules for regulatory compliance and security best practices.
ecurity Policies provide:
- Password complexity requirements
- Electronic signature validation
- Session timeout management
- Account lockout rules
- Password aging controls
Policies enable FDA 21 CFR Part 11 compliance and other regulatory requirements.
Pre-Defined Policies
Three standard policies are configured:
| Policy | Use Case | Typical Settings |
|---|---|---|
| Default | Standard operations | Basic password, no timeout |
| Enhanced | Elevated security | Complex password, session timeout |
| Critical | Regulatory compliance | Strong password, e-signature, strict timeout |
Configuration Properties
| Property | Description | Required |
|---|---|---|
| Name | Unique policy identifier | Yes |
| Identification | Password and account rules | Yes |
| ESign | Electronic signature settings | No |
| Session | Timeout and auto-logoff | No |
| Description | Documentation text | No |
Identification Settings
Password and account management rules:
Password Requirements
| Property | Description | Range | Default |
|---|---|---|---|
| PasswordMinLength | Minimum characters | 0-128 | 0 (no limit) |
| PasswordHistory | Previous passwords to remember | 0-5 | 0 |
| MinPasswordAge | Hours before change allowed | 0+ | 0 |
| MaxPasswordAge | Hours until expiration | 0+ | 0 (never) |
Account Security
| Property | Description | Range | Default |
|---|---|---|---|
| UserNameMinLength | Minimum username length | 0-128 | 0 |
| BlockOnInvalidAttempts | Failed logins before lockout | 0+ | 0 (no limit) |
| BlockAging | Hours until auto-unlock | 0+ | 0 (manual) |
| AllowPasswordChange | Users can change own password | Yes/No | Yes |
| AllowShareUser | Multiple concurrent sessions | Yes/No | Yes |
E-Signature Settings
Electronic signature requirements for critical actions:
| Property | Description | Use Case |
|---|---|---|
| Enabled | Require e-signature | FDA compliance |
| TimeoutMinutes | Signature validity period | Re-authentication frequency |
Configuring E-Signature
- Enable in policy settings
- Set timeout (e.g., 60 minutes)
- Assign policy to users
- Enable on controls requiring signature
Example:
csharp
// Check if e-signature required
if (@Security.Policy.ESign.Enabled)
{
// Prompt for password
if (!@Security.ValidateESignature())
{
return; // Action cancelled
}
}Session Management
Automatic logoff configuration:
| Property | Description | Options |
|---|---|---|
| AutoLogOff | Logoff trigger | None, Inactivity, Duration, Both |
| InactivityMinutes | Idle time before logoff | 1-9999 |
| DurationHours | Maximum session length | 1-9999 |
AutoLogOff Modes
| Mode | Behavior | Use Case |
|---|---|---|
| None | No automatic logoff | Dedicated stations |
| Inactivity | Logoff after idle time | Shared workstations |
| Duration | Logoff after time limit | Shift changes |
| Both | Either condition triggers | Maximum security |
Applying Policies
Assign to Users
- Navigate to Security → Users
- Select user row
- Set Policy column
- User inherits all policy settings
Runtime Behavior
csharp
// Get current user's policy
string policyName = @Security.CurrentUser.Policy;
// Check policy settings
var policy = @Security.Policies[policyName];
bool requiresESign = policy.ESign.Enabled;
int passwordMinLength = policy.Identification.PasswordMinLength;Compliance Scenarios
FDA 21 CFR Part 11
Policy: Critical
Identification:
- PasswordMinLength: 8
- PasswordHistory: 5
- MaxPasswordAge: 2160 (90 days)
- BlockOnInvalidAttempts: 3
ESign:
- Enabled: True
- TimeoutMinutes: 30
Session:
- AutoLogOff: Both
- InactivityMinutes: 15
- DurationHours: 12High Security Environment
Policy: Enhanced
Identification:
- PasswordMinLength: 12
- AllowShareUser: False
- BlockOnInvalidAttempts: 5
- BlockAging: 24
Session:
- AutoLogOff: Inactivity
- InactivityMinutes: 10Best Practices
- Start with pre-defined - Modify existing policies
- Document requirements - Clear compliance needs
- Test thoroughly - Verify all settings work
- Train users - Explain policy changes
- Regular reviews - Update as needed
- Gradual implementation - Phase in restrictions
- Monitor compliance - Track violations
Troubleshooting
Account locked:
- Check BlockOnInvalidAttempts
- Verify BlockAging timeout
- Administrator unlock required
- Review failed login attempts
Password rejected:
- Check PasswordMinLength
- Verify against PasswordHistory
- Confirm MinPasswordAge not violated
- Review complexity requirements
Unexpected logoff:
- Check Session settings
- Verify InactivityMinutes
- Review DurationHours
- Check client activity detection
E-signature issues:
- Verify policy enabled
- Check timeout not expired
- Confirm user has password
- Test signature validation
In this section...
| Page Tree | ||||
|---|---|---|---|---|
|
In this page:
Table of Contents maxLevel 2 minLevel 2 indent 10px exclude Steps style none
Security Policies Properties Overview
Column | Description |
|---|---|
Name | Enter a name for the policy. The system allows you to know if the name is not valid. |
Identification | Select the password rules for both editing a project and accessing the runtime.
|
Esign | For runtime only. Select to enable a timeout for the runtime login. Enter the timeout period in minutes.
|
Session | For runtime only. Use to enable a timeout for the runtime session. Select what will cause an automatic logoff, then enter the appropriate values for InactivityMinutes and DurationHours. This setting only logs the user off. The application continues to run.
|
Description | Enter a description for the policy. |
Identification Properties
Contains several password configuration options, detailed below:
Security Identification Properties | |
|---|---|
Property | Description |
AllowPasswordChange | Indicates if a user, other than an administrator, can change its own password. |
PasswordMinLength | Minimum character length for password (0 means no restrictions). |
BlockOnInvalidAttempts | Maximum number of login attempts before blocking user (0 means no restrictions). |
AllowShareUser | Indicates if user can be shared between stations. |
UserNameMinLength | Minimum character length for username (0 means no restrictions). |
PasswordHistory | Remember last passwords (Range: 0-5). |
MinPasswordAge | Minimum password age in hours (0 means no restrictions). |
MaxPasswordAge | Maximum password age in hours (0 means no restrictions). |
BlockAging | Maximum blocking age in hours (0 means no restrictions). |
Esign properties
When enabled, a password will be requested for Action Dynamics with eSign. The password remains valid for a specified timeout time (in minutes).
Security Esign properties | |
|---|---|
Property | Description |
Enabled | Password will be requested for Action Dynamics with eSign is enabled. |
TimeoutMinutes | Timeout in minutes for password with eSign to remain valid. |
| Tip | ||
|---|---|---|
| ||
Configure the Security > Policies > ESign, enable and set the TimeoutMinutes (e.g.: 1 min). Then, in the Security > Users, set the configured Policy for the User you want. So, open the Draw section, double click in any TextBox object and enable the Security dynamic, now check the ESign required checkbox. Save and Run. Then, log in with the User you set up the configured Policy, and when the timeout minutes expire one dialog to entry the password will appears. |
Session properties
User can be logged off according to a determined Inactivity Time (in minutes) and/or after a maximum session duration (in hours).
Security Session Properties
Property
Description
AutoLogOff
None
Inactivity
Duration
Both
InactivityMinutes
Inactivity Time (in minutes).
DurationHours
Inactivity Time after a maximum session duration (in hours).
To apply a created session configuration to a User, go to Security → Users (Policies Columns), and select the desired option.
Properties Reference
The Properties References present a reference that describes and explains the properties for Security Policies. The table lists all properties available for the configuration item. However, not all properties described in the documentation are displayed in the data grids by default. Right-click column headers to see which property columns are currently displaying. The displayed properties appear with a check mark.
The data grids allow users to manage and organize information by showing or hiding properties in tables within configuration interfaces. Users can view and select properties via column headers, enable multiple selections, add or remove columns, or reset grid settings. These features are available in all configuration interfaces using a table for data management. To turn on or off showing a property on the data grid, right-click column headers to select properties or use the reset button to return to default settings. Check out Working with DataGrids for detailed info.
Security Policies
Property | Description |
|---|---|
ID | Identifies uniquely the policy record. |
VersionID | Specifies the version of the policy. |
Name | Names the policy. |
Identification | Defines password and username requirements: Allows password change, sets minimum password length, blocks on invalid attempts, allows shared user, sets minimum username length, manages password history, sets minimum and maximum password age, blocks aging. |
ESign | Enables or disables e-signature settings and sets the timeout for it. |
Session | Determines session control settings: Sets AutoLogOff options (None, Inactive, Duration, or Both), and configures InactivityMinutes and DurationHours. |
DateCreated | Records the date when the policy record was created. |
DateModified | Notes the date when the policy record was last modified. |
Description | Describes the purpose or details of the policy. |
In this section: