Security Role Configuration (ACM 7.1 Build 306 and earlier)

Configuring Users

User objects can be created by clicking the Add, Other and User. The new User object will be created in the folder selected. Double click on new User object to edit the General tab. Enter a descriptive name for this user object. A Description is optional. It is enabled by default*.

*If disabled, this user will have Read Only access to all objects when security is enabled.

Select the User tab. Enter a Username/Groupname that corresponds to a Windows account being used by this user. 

Examples:

CompanyXYZDomain\SCADAAdmins   ( windows AD group )

CompanyXYZDomain\MeasurementUsersGroup ( windows AD group )

CompanyXYZDomain\jsmith        ( windows AD user )

LocalMachineName\jsmith           ( individual local user account ) 

Lastly, click the ellipsis button next to the Role name and Add or Select a Role to assign to this user. Click the Save disc to complete the User configuration.

Configuring Roles

Role objects can be created by clicking the AddOther and Role. The new Role object will be created in the folder selected. Double click on the new Role object to edit the General tab. Enter a descriptive name for this role object. A Description is optional.

Select the Role tab. Click the check boxes next to the Role Privileges* to assign users of this role. Click the Save disc to complete the Role configuration

*The Configure Security privilege allows non-admin users to create/modify/delete User and Role objects as well as enable/disable security. 

Configuring Folder Overrides

Folder overrides can be managed by right-clicking on the folder in the Tree View and selecting EditThe Folder object will be opened. Select Security Overrides and Edit Overrides. Each record has a User and a Role object to assign. When a Role object is paired with a User object in the folder override settings, ACM will use the permissions configured in the paired Role object to determine whether actions can be performed on objects within the folder and in child folders. Permissions outside of the folder will still use the Role object assigned directly to the User object.

Once the desired changes are made close the records dialog and Click the Save disc to complete the Folder Override configuration.

Use Case: The Operator Role

In this example we will assume we have a non-admin user with a domain or local machine account named Operator. Consider the following server-wide security object configuration in ACM:

Role Object:

  • Name = Operators
  • Role Privileges = Modify Objects, Execute Commands.

User Object:

  • Name = Operator
  • Username = Operator
  • Role = Operators

In this case with security ENABLED this user would be able to do the following:

  1. Modify all non-security related objects in any folder.
  2. Execute Commands against all non-security related objects in any folder.
  3. This user would NOT be able to configure security in any folder.
  4. This user would NOT be able to create or delete ANY objects in ANY folder.

In this case with security DISABLED this user would be able to do the following:

  1. Modify/Create/Delete all objects in any folder, including security-related objects.
  2. Execute Commands against all objects in any folder, including security-related objects.



For assistance, please submit a ticket via our Support Portal, email autosol.support@autosoln.com or call 281.286.6017 to speak to a support team member.