Users and Groups

Security is created by adding user accounts and groups. Users can be added to groups as members. These are described in this topic. When implementing GENESIS security, define your global settings, and then your account policies. Only after you have done these two tasks should you then proceed to:

  1. Define your user groups (described below in Groups) where you establish the security privileges that the members of the group will share.

  2. Define your users (described below in User Accounts), then add them to the groups to which they are members.

Groups

A group is the same as a role, or a collection of users who share a set of privileges. Initially there are no groups so you need to create one. Users can be added to one or more groups, but groups cannot be added to other groups. However you can duplicate a group and make appropriate changes to it. Groups must have a unique name.

During runtime, if more than one group is in effect, the least restrictive is used. For this reason, the privileges and restrictions set in the default group must be the most restrictive. Individual users can be made less restrictive than the default, but never more restrictive.

 

To Add a New Group:

  1. Right-click Groups to show the context menu (as shown below), then click the Add Group menu option. This reveals the Security Server User forms on a New Group tab within the the Workbench main window.

Add Group Command

 

Note: If you have role definitions that are saved in a file, you can click Import to import them from a file. Note also that you can export role definitions, too, by clicking Export.

  1. Wnter the name of the role, making sure it is descriptive enough to identify exactly what its security encompasses.

  2. Use any or all of the remaining tabs to complete the security definitions for the group: tabs are Points, Alarms, Files, Stations, Methods, Assets and Custom. These tabs are described in detail in Security Privileges for Users and Groups. Keep in mind that all users who become members of this group will share these privileges.

  3. Click Apply to save the new role.

User Accounts

A user is an account associated with a name, password, and certain privileges either allowed or denied them. When a user is added to a group, that user gets the additional privileges of that group. However, should there be a denied access right, that always take precedence over an allowed privilege in setting access. Users can be added to one or more groups, but groups cannot be added to other groups. However you can duplicate a user and make appropriate changes to the account. Users must have a unique name.

 

To Add a New User:

  1. Right-click Users to show the context menu (as shown below), then click the Add User menu option. This reveals the Security Server User forms on a New User tab within the the Workbench main window.

New User Command

 

Note: If user accounts are saved in a file, you can click Import to import them from that file. Note also that you can export user account information, too, by clicking Export.

  1. Define the user account name and password. Select the account policy to be used for the user. The user's account policy may restrict the password that can be used; for more information, refer to Account Policies.

Defining a New User Account

  1. Use any or all of the remaining tabs to complete the user account definitions: tabs are Points, Alarms, Files, Stations, Methods, Assets and Custom. These tabs are described in details in Security Privileges for Users and Groups. Keep in mind any groups you will be adding the user to; you don't have to define security privileges for the user if those same privileges are defined for a group that the user will belong to.

  2. Add the user to one or more groups. To assign a user to a group, you extend membership by group or by user.

    1. To add the user to one or more groups, click on 'Groups' or 'Users' in the Project Explorer. The associated group(s) or user(s) will be listed in the top right of the main window in the Workbench. Right-click your desired group or user then select Membership.

Membership by User (left) and Group (right)

   

Selecting Membership for a user opens the 'Set the membership' dialog box to which you add groups, while selecting Membership for a group opens the 'Set the membership' dialog box (shown below) to which you add users.

 

'Set the membership' Dialog Box, Where You Add Users

    1. Click the Add button [+]. A dialog box opens where you can select the groups to add to the user account, or the users to add to the group.

    2. Make your selections. To select more than one, hold down the Ctrl key which you click on each selection.

    3. When you are done, click OK. Your selections are added.

 

See also:

Security Overview

Security Privileges for Users and Groups