GENESIS64 Security - Quick Start

GENESIS64 uses a security model that is both granular and additive. You can set individual rights and access based on users and groups, create named policy settings that can be applied to users and groups, and control access to individual applications, features, systems, and more based on time settings if you wish.

Security protection is applied to the following items within the GENESIS64 system:

• Application actions
• Process output points
• Critical points
• Alarms
• Files
• Stations

The security system contains two components: the Security Server, which manages user logins, and security system clients contained within the applications in the GraphWorX64 family (e.g. GraphWorX64, TrendWorX64, AlarmWorX64, etc.). Any stimulus (i.e., a user login or logout) that causes a change in security status will be immediately posted to the affected clients.

This topic provides an overview of GENESIS64 Security basic concepts. For more detailed information, refer to the Retrieving Advanced Security Information topic.

Configuring the Security Server

1. Open the Workbench, then expand the current project to show the Security provider node, as shown below.

Security Provider Selected within the Workbench

2. You will then create a user group. Right-click the Groups node then select Add Group, as shown below.

Adding a User Group in the Project Explorer

-OR-

Select the Groups node then click on the Add Group button in the Edit section of the Home ribbon in the Workbench, shown below.

Add Group Button

This opens the Group properties, as shown below, in the right side of the Workbench.

Group Properties

3. Name this group "Administrators" and click Apply. (For help with the part of the instructions, refer to the Users and Groups and Security Privileges for Users and Groups topics.).

4. Next, you will add a user. Right-click the Users node then select Add User, as shown below.

Adding a User in the Project Explorer

-OR-

Select the Users node then click on the Add User button, shown below, in the Edit section of the Home ribbon in the Workbench.

Add User Button

3. This opens the User properties, as shown below, in the right side of the Workbench. Call this user "Admin" then specify the password and click Apply.

User Properties

NOTE: The first user you add to security is always the system administrator with all permissions granted. This will prevent you from being logged out of your own system. Also, as soon as you create this user, security will start and you will be logged out of the security, please log in to continue.

4. You can now associate the user "Admin" to the group "Administrators". Select Groups in the Security Server provider and right-click on the group "Administrators", and select Membership, as shown below.

Set Group Membership in Project Explorer

-OR-

Select your group (in this example, "Administrators") then click on the Membership button, shown below, in the Edit section of the Home ribbon in the Workbench.

Membership Button

5. This opens the Set the membership window, as shown below. Use the pulldown menu to select a user (in this example, "Admin"). Once selected, click OK.

Adding a User to a Group

6. Now let's look at application privileges. To set Security Privileges, create a new group called Users. In the Workbench, the Application Actions will appear on the main page regardless of the tab selected. Expand GraphWorX64 > Menu, uncheck the Exit Runtime option.

Removing GraphWorX64 Exit Runtime Permission in the Workbench

NOTE: This protects GraphWorX64 display from being stopped by an unauthorized person.

8. Click Apply (or Apply & Close) when you are done editing this setting.
9. Create another user called Operator, specify a password, and add this new user to group Users.

NOTE: Users privileges are either allowed or denied. When a user is added to a group, that user is given the group's privileges. However, a privilege denies access, that denial always takes precedence over an allowed privilege when access is set.

Account Policy

Account policies are a set of rules that you can apply to a users. They dictate items such as password complexity, password life, account lockout and other items. You can create a new Account Policy by right-clicking the Account Policies folder and selecting Account Policy. Once you create the policy, you can associate the policy to a user in the User Properties. By default, when you create a user, it uses the Default Policy. For more information, refer to the Account Policies topic.

Testing the Configuration

1. In the Workbench, you can click on File, then Log In\Log Out, as shown below.

Login/Logout from File Menu in the Workbench

-OR-

In certain instances (based on which components of which providers you are currently using), you can click on the Login/Logout in the Security section of the Home ribbon in the Workbench.

2. This opens the Security Login dialog, shown below. For the User Name, use the pulldown menu to select Operator. Then type a Password and click the Log In button.

Security Login Dialog

3. Open the GraphWorX64 provider in the classic Workbench.
4. Expand the navigation tree in the Project Explorer and right-click on a display (e.g., Car display) and select Edit display. The display will open in configuration mode

Open a GraphWorX64 Display in Configuration Mode

5. Click on the Runtime button at the upper-right corner and the display will go into Runtime mode.
6. Now, click the Configure button. You will not be able go back to Configuration mode due to the set Security Privileges from this example.
7. Log in as the Admin user and the Configure button will be enabled again.

See Also:

Logins and Passwords

Modifying the Access Denied Screen

Securing Desktop for Operations