GENESIS64 Security - Quick Start

GENESIS64 uses a security model that is both granular and additive. You can set individual rights and access based on users and groups, create named policy settings that can be applied to users and groups, and control access to individual applications, features, systems, and more based on time settings if you wish.

Security protection is applied to the following items within the GENESIS64 system:

• Application actions
• Process output points
• Critical points
• Alarms
• Files
• Stations

The security system contains two components: the Security Server, which manages user logins and security system clients contained within the applications in the GraphWorX64 family (e.g. GraphWorX64, TrendWorX64, AlarmWorX64, etc.). Any stimulus (i.e., a user login or logout) that causes a change in security status will be immediately posted to the affected clients.

This topic provides an overview of GENESIS64 Security basic concepts. For more detailed information, refer to the Retrieving Advanced Security Information topic.

Configuring the Security Server

1. You can launch the Security Server from the Start menu, or from the Workbench. You can go to Start > All Programs > ICONICS > Tools > Security. Alternatively, you can click on the Security Server icon in the navigation tree button bar, shown highlighted below in the Workbench.

Figure 1 - Security Server in the Workbench

2. First, you will create a user group. Right-click the Groups folder and select Group. Name this group Administrators and click Apply. (For help with the part of the instructions, refer to the Users and Groups and Security Privileges for Users and Groups topics.)

Figure 2 - Adding a User Group

3. Next, you will add a user. Right-click the Users folder, select User. Call this user Admin; specify the password and click Apply.

Figure 3 - Adding a User

NOTE: The first user you add to security is always the system administrator with all permissions granted. This will prevent you from being logged out of your own system. Also, as soon as you create this user, security will start and you will be logged out of the security, please log in to continue.

4. You will now associate the user Admin to the group Administrators. Right-click on the group Administrators, and select Membership and the Group Properties dialog appears.

Figure 4 - Group Membership

5. Click on the Add button, select Admin user, click Ok, and then Exit.

Figure 5 - Adding a User to a Group

6. Now let's look at application privileges. To set Security Privileges, create a new group called Users, and go to the Application Actions tab.
7. Expand GraphWorX64 > Menu, uncheck the Exit Runtime option.

Figure 6 - Removing GraphWorX64 Exit Runtime Permission

NOTE: This protects GraphWorX64 display from being stopped by an unauthorized person.

8. Click Apply when you are done editing this setting.
9. Create another user called Operator, specify a password, and add this new user to group Users.

NOTE: Users privileges are either allowed or denied. When a user is added to a group, that user is given the group's privileges. However, a privilege denies access, that denial always takes precedence over an allowed privilege when access is set.

Account Policy

Account policies are a set of rules that you can apply to a users. They dictate items such as password complexity, password life, account lockout and other items. You can create a new Account Policy by right-clicking the Account Policies folder and selecting Account Policy. Once you create the policy, you can associate the policy to a user in the User Properties. By default, when you create a user, it uses the Default Policy. For more information, refer to the Account Policies topic.

Testing the Configuration

1. Open Workbench File menu and click Log In\Log Out. This opens the Security Login dialog.
2. For the User name, select Operator. Then type a password and click the Log In button.

Figure 7 - Security Login Dialog

3. Open the GraphWorX64 provider in the classic Workbench.
4. Expand the navigation tree in the Project Explorer and right-click on a display (e.g., Car display) and select Edit display. The display will open in configuration mode

Figure 8 - Open a GraphWorX64 Display in Configuration Mode

5. Click on the Runtime button at the upper-right corner and the display will go into Runtime mode.
6. Now, click the Configure button. You will not be able go back to Configuration mode due to Security Privileges.
7. Log in as the Admin user and the Configure button will be enabled again.

See also:

Logins and Passwords

Modifying the Access Denied Screen

Securing Desktop for Operations