
Security Configuration (Tutorial) teaches you to:

  • Add user authentication and permissions
  • Implement role-based access control
  • Protect commands on displays

Prerequisites:




Create Security Groups

Navigate to Security → Permissions and configure groups:

| Operators | Supervisors | Administrators |
|---|---|---|
| Priority: 3 | Priority: 2 | Priority: 1 |
| View displays only | View + acknowledge alarms | Full access |
| No configuration changes | Generate reports | Configuration allowed |

Define Users

  1. Go to Security → Users
  2. Create users:
| User | Group | Password | Policy |
|---|---|---|---|
| operator1 | Operators | oper123 | Default |
| supervisor1 | Supervisors | super456 | Enhanced |
| admin | Administrator | admin789 | Critical |

Note: Change default passwords immediately in production.


Configure Permission Groups

Operator Permissions

  • Edit Permissions: None (all unchecked)
  • Run Permissions:
    • ClientStart: ✓
    • WebAccess: ✓
    • SwitchApplication: ✓

Supervisor Permissions

  • Edit Permissions:
    • Reports: ✓
    • Notes: ✓
  • Run Permissions:
    • ClientStart: ✓
    • StartTools: ✓
    • WebAccess: ✓

Administrator Permissions

  • Edit Permissions: Unrestricted ✓
  • Run Permissions: Unrestricted ✓

Set Security Policies

Go to Security → Policies and configure:

Password Requirements

For Enhanced policy:

  • Minimum length: 8 characters
  • Password history: 3
  • Max age: 90 days
  • Block after 3 invalid attempts
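The Enhanced policy above, modelled as an added example (not code from the product or from this tutorial) so its four settings can be exercised together offline. The `Account` class, its method names, the salt and the dates are hypothetical, and how the platform itself counts history, age and invalid attempts is assumed as noted in the comments.

```python
import hashlib
import hmac
from datetime import date, timedelta

# Values from the tutorial's Enhanced policy
MIN_LENGTH, HISTORY, MAX_AGE_DAYS, MAX_INVALID = 8, 3, 90, 3

class Account:
    """Model of one user under the Enhanced policy (not the product's code)."""

    def __init__(self, name, salt=b"constructed-salt"):
        self.name, self.salt = name, salt
        self.history = []      # password digests, newest last
        self.changed = None    # date of the last password change
        self.failed = 0        # consecutive invalid attempts
        self.blocked = False

    def _digest(self, password):
        # Store a salted PBKDF2 digest, never the password itself
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def set_password(self, new, today):
        if len(new) < MIN_LENGTH:
            return "too short"
        digest = self._digest(new)
        # Assumption: history covers the 3 most recent passwords, current included
        if digest in self.history[-HISTORY:]:
            return "reused"
        self.history.append(digest)
        self.changed, self.failed = today, 0
        return "ok"

    def login(self, password, today):
        if self.blocked:
            return "blocked"
        current = self.history[-1] if self.history else b""
        if not hmac.compare_digest(self._digest(password), current):
            self.failed += 1
            # Assumption: the counter is consecutive and the 3rd miss blocks
            self.blocked = self.failed >= MAX_INVALID
            return "blocked" if self.blocked else "invalid"
        self.failed = 0
        # Assumption: a password older than 90 days must be changed
        return "expired" if (today - self.changed).days > MAX_AGE_DAYS else "ok"

if __name__ == "__main__":
    acct, day0 = Account("supervisor1"), date(2024, 1, 1)  # constructed sample
    print(acct.set_password("oper123", day0))    # 7 characters
    print(acct.set_password("super456", day0))   # 8 characters
    print(acct.login("super456", day0 + timedelta(days=91)))
```

In this model a blocked account stays blocked until someone resets it, which is why the troubleshooting list includes checking whether the account is blocked.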

Session Settings

  • Auto-logoff: Inactivity
  • Timeout: 15 minutes (Operators)
  • Timeout: 30 minutes (Supervisors)
  • No timeout (Administrators)

Secure Display Elements

Add Login Button

  1. Open Overview display
  2. Add Button control:
    • Text: "Login"
    • Action: Security.Login()
    • Position: Top-right corner

Display Current User

  1. Add TextBlock:
    • Expression: "User: " + Security.CurrentUser
    • Position: Next to login button

Restrict Controls

For critical controls (e.g., setpoint changes):

  1. Select control
  2. Set Security → Permission: "Supervisors"
  3. The control is now hidden for Operators

Enable Audit Trail

  1. Go to Security → Policies
  2. Enable audit features:
    • Login/Logout tracking: ✓
    • Configuration changes: ✓
    • Alarm acknowledgments: ✓
    • Tag value changes: ✓
  3. Configure storage:
    • Database: Use solution database
    • Retention: 90 days

Test Security

Test as Operator

  1. Start Runtime
  2. Login as operator1
  3. Verify:
    • Can view displays
    • Cannot change setpoints
    • Cannot access configuration

Test as Supervisor

  1. Login as supervisor1
  2. Verify:
    • Can acknowledge alarms
    • Can generate reports
    • Cannot modify solution

Test as Administrator

  1. Login as admin
  2. Verify:
    • Full access to all features
    • Can modify configuration
    • Can create new users

Security Best Practices

Password Management:

  • Never use default passwords
  • Enforce strong password policy
  • Regular password rotation

User Management:

  • Create individual accounts (no sharing)
  • Remove unused accounts
  • Regular permission audits

Audit Trail:

  • Enable for compliance (FDA 21 CFR Part 11)
  • Regular backup of audit logs
  • Monitor suspicious activities

Troubleshooting

User cannot login:

  • Check username spelling
  • Verify account not blocked
  • Check permission group assignment

Features not accessible:

  • Verify user permissions
  • Check security policy settings
  • Ensure proper group membership

Session timeout issues:

  • Adjust inactivity timeout
  • Check policy configuration
  • Verify client connection

Next Steps

  • [FDA 21 CFR Part 11 Compliance] - Regulatory requirements
  • [Security (How-to Guide)] - Advanced configuration
  • [Runtime Users] - External authentication
