Manage user authentication and permissions.
Tutorials → Security | Tutorial | How-to Guide | Reference
This Tutorial Teaches you to:
- Add user authentication and permission
- implementing role-based access control
- Protect Commands on Displays
Prerequisites:
1. Create Security Groups
To be able to change Security Permissions, first, you will need to:
- On the top menu, open Actions → Login
- User: Administrator
Password: blank (no pass)
As this tutorial is intend to teach, we are creating a new Security Group, in real-life projects prefer always to use the pre-defined groups. If you want to skip the creation of new groups, and to the tutorial with the existing one that is also a valid learning |
Navigate to Security → Permissions and configure groups:
| Operators | Supervisors | Administrators | |
|---|---|---|---|
| Run | ToolsSetValues | ToolsSetValues + Shutdown | Unrestricted |
| Edit | Nothing | Everything but Security | Unrestricted |
2. Set Security Policies
Go to Security → Policies and configure:
Password Requirements
For Enhanced policy, go to Identification and set:
- PasswordMinLength: 8 characters
- PasswordHistory: 3
- Max age: 90 days
- BlockOnInvalidAttempts: 3
Session Settings
- Auto-logoff: Inactivity
- Timeout: 15 minutes (Operators)
- Timeout: 30 minutes (Supervisors)
- No timeout (Administrators)
3. Define Users
- Go to Security → Users
- Create users:
| User | Group | Password | Policy |
|---|---|---|---|
| operator1 | Operators | oper123 | Operators |
| supervisor1 | Supervisors | super456 | Supervisors |
| admin | Administrator | admin789 | Administrators |
4. Secure Display Elements
Login Page
By default, the solution already has a default page name LogOn. This page contains the required logic to control user Logon on the system once it is running. Feel free to navigate to this display and get yourself familiar with it.
Display Current User
- Go to Displays → Draw → MainPage
- Add TextBlock:
- LinkedValue:
User: {Client.UserName}
- LinkedValue:
- Run solution
- Logon using the LogOn page
- Check the user that is currently logged on the solution
Restrict Controls
For critical controls (e.g., setpoint changes):
- Add a TextBox into the MainPage
- Double click, go to Dynamics and check Security
- Check Verify Permissions, and set only to Administrator
- Run solution
- Logon using the LogOn page and the Operator user
- To make the control not visible based on Security:
- Double click, go to Dynamics and check Security
- Check Verify Permissions, and set only to Administrator
- Double click then go to Dynamics and check Visibility
- Check Hide when security is disabled
- Run solution
- Validate control not showing based on security