Overview
This page provides an overview about settings related to Security module.overall introduction on Security Module configuration objects and settings.
On this page:
| Table of Contents | ||||
|---|---|---|---|---|
|
Security
SettingsUsers
This section describe the settings related to Security module.
is the summary for SecurityUsers configuration. For detailed information, see the Security Users page.
Pre-defined Users
The following user names are configured by default:
Administrator: built-in user that controls the Security System. No password is configured by default. You should set a password for this user.
Guest: used by default to access and when you log off as another user. No password is configured by default.
User: used as a generic login user. No password is configured by default.
| Note | ||
|---|---|---|
| ||
If the User did not execute any Log On or Identification procedure, it will be recognized as the pre-defined Guest User, which is equivalent to an anonymous access. |
The Guest user is the default user for anonymous logins and does not have a password assigned. It cannot be deleted or have a password added. When you log off as another user, the Guest user must be availableis activated. To restrict access to resources, you may modify the permissions for the Guest user.
Avoid creating other users with the same names or altering the row IDs of these built-in platform objects. The Administrator is the sole user capable of deleting, blocking users, and defining passwords for database interfaces.
Default propertiesMain Configuration Properties
Security Users |
|---|
Main Properties | |
|---|---|
Field/Column | Description |
Name | Enter a user name. The system allows you to know if the name is not valid. |
Permissions | Select the permission group to be used by this user. See |
Password | Enter a password for the user. The system allows you to know if the password is not valid. You can configure password requirements. See |
PasswordHint
Enter information that can help you remember the user’s password.
Policy | Select the policy settings to use for this user. See |
Deleted
Select to block the user’s access and flag the user as deleted, without deleting the user. You may want to use this for users who are no longer in your company.
Select to block the user’s access. You may want to use this for users who are no longer in your company.
Profile | Enter the user’s email address, phone number, and full name. |
Permissions Groups
This is the summary for Security PermissionsGroups configuration. For detailed information, see the Security Permissions page.
PermissionsPre-defined Security
groupsPermissions Groups
The platform comes with a few predefined Permission Permissions groups that you can use, or you can create your own.
- Administrator
- Guest
- User
- Engineering
- Supervisor
- Maintenance
- Operator
Security Permissions propertiesMain Configuration Properties | |
|---|---|
Column | Description |
Name | Enter a name for the group. |
Edit | Select the modules users in the group can access when editing a project.
|
Run | Select the modules users in the group can access when using the runtime.
|
Description | Enter a description for the Permission group. |
Edit
permissionsPermissions (Designer Restrictions)
It is possible to allow/deny a user to edit different project tabs in the Engineering Environment. The available options are shown in the image below.
Edit Permissions propertiesProperties | |
|---|---|
Property | Description |
Unrestricted | Select to allow all Edit Permissions |
EditTags | Select to allow tag editing. |
Historian | Allow edition in Historian module. |
Security | Select to allow for the Security module access. |
Alarms | Select to allow for the Alarms module access. |
Scripts | Select to allow for the Script module access. |
Datasets | Select to allow for the Datasets module access. |
Displays | Select to allow for the Displays module access. |
Reports | Select to allow for the Reports module access. |
Startup | Select to allow Startup. |
Publish | Select to allow Publish. |
Settings | Select to allow for the Settings access. |
Notes | Select to allow for the Notes access. |
CreateTags | Select to allow tag creating. |
Run
permissionsPermissions (Runtime)
It is also possible to allow/disallow a user to perform different actions during Runtime.
Run Permissions propertiesProperties | |
|---|---|
Property | Description |
Unrestricted | The user gets permission to do everything. |
Test | Once selected, the user can run a Test. |
Startup | Once selected, the user can run a Startup with all the modules. If not, the modules script, datasets, devices, and reports will not start. |
Shutdown | Once selected, the user is able to shutdown the application |
ClientStart | Once selected, the user is able to run all the modules in a startup. If not, the modules displays and devices will not start. |
ClientShutdown | Once selected, the user is able to shutdown the application as a client. |
StartTools | Once selected, the user can run the diagnostics tool, such as: property watch, trace window and module information. If it is not selected, the user is unable to start these tools. |
ToolsSetValues | Once selected, the user gets the read-only permission in the diagnostics tool, such as: property watch, trace window and module information. |
CreateUsers | Once selected, the user is able to create new user for the project. |
SwitchApplication | If it is not selected, the user can not switch application, the taskbar disappears. |
WebAccess | When the user has this permission, he can access the Web Client through the URL found in the Info → Redundancy → Web Client URL. If this option is not selected, the user cannot use the Web Client. |
. |
Security Policies
This is the summary for Security Policies configuration. For detailed information, see the Security Policies page.
On Security → Policies, there are three main configuration columns that can be important for CFR 11 compliance.
Pre-defined Policies
The platform comes with a few predefined policies that you can use, or you can create your own.
Default
Enhanced
Critical
Security Policies propertiesProperties | |
|---|---|
Column | Description |
Name | Enter a name for the policy. The system allows you to know if the name is not valid. |
Identification | Select the password rules for both editing a project and accessing the runtime.
|
Esign | For runtime only. Select to enable a timeout for the runtime login. Enter the timeout period in minutes.
|
Session | For runtime only. Use to enable a timeout for the runtime session. Select what will cause an automatic logoff, then enter the appropriate values for InactivityMinutes and DurationHours. This setting only logs the user off. The application continues to run.
|
Description | Enter a description for the policy. |
Identification
propertiesProperties
Contains several password configuration options, detailed below:
Security Identification propertiesProperties | |
|---|---|
Property | Description |
AllowPasswordChange | Allows password changesIndicates if a user, other than an administrator, can change its own password. |
PasswordMinLength | Sets the minimum password lengthMinimum character length for password (0 means no restrictions). |
BlockOnInvalidAttempts | Defines the maximum Maximum number of invalid login attempts before blocking user (0 means no restrictions). |
AllowShareUser | Indicates if user can be shared between stations. |
UserNameMinLengthSets | the minimum length of the user nameMinimum character length for username (0 means no restrictions). |
PasswordHistory | Remember last passwords (Range: 0-5). |
MinPasswordAge | Minimum password age in hours (0 means no restrictions). |
MaxPasswordAge | Maximum password age in hours (0 means no restrictions). |
BlockAging | |
Maximum blocking age in hours (0 means no restrictions). |
| Anchor | ||||
|---|---|---|---|---|
|
When enabled, a password will be requested for Action Dynamics with eSign. The password remains valid for a specified timeout time (in minutes).
Security Esign propertiesProperties | |||
|---|---|---|---|
Property | Description | Enableed | TimeoutMinutes |
Enabled | Password will be requested for Action Dynamics with eSign is enabled. |
TimeoutMinutes | Timeout in minutes for password with eSign to remain valid. |
Session Properties
User can be logged off according to a determined Inactivity Time (in minutes) and/or after a maximum session duration (in hours).
Security Session |
|---|
Properties | |
|---|---|
Property | Description |
AutoLogOff |
|
InactivityMinutes | Inactivity Time (in minutes). |
DurationHours | Inactivity Time after a maximum session duration (in hours). |
To apply a created session configuration to a User, go to Security → Users (Policies Column), and select the desired option.
RuntimeUsers
The combination of the RuntimeUsers
Contentand regular SecurityUsers table are called Solutions Users.
| Info |
|---|
The main difference between the two groups is that engineering users can access the software's engineering mode, allowing them to design and configure the project. In contrast, runtime users only can use the application, they cannot change the project configuration or design since they don't have access to the engineering mode. Another distinction is that the regular Users are defined within the Solution file itself, as the Runtime Users are defined in external Security Servers or databases. |
In this section...
| Page Tree | ||||
|---|---|---|---|---|
|