Security is created by adding user accounts and groups. Users can be added to groups as members. These are described in this topic. When implementing GENESIS security, define your global settings, and then your account policies. Only after you have done these two tasks should you then proceed to:
Define your user groups (described below in Groups) where you establish the security privileges that the members of the group will share.
Define your users (described below in User Accounts), then add them to the groups to which they are members.
A group is the same as a role, or a collection of users who share a set of privileges. Initially there are no groups so you need to create one. Users can be added to one or more groups, but groups cannot be added to other groups. However you can duplicate a group and make appropriate changes to it. Groups must have a unique name.
During runtime, if more than one group is in effect, the least restrictive is used. For this reason, the privileges and restrictions set in the default group must be the most restrictive. Individual users can be made less restrictive than the default, but never more restrictive.
To Add a New Group:
Adding a User Group in the Project Explorer

-OR-
Select the Groups node then click on the Add Group button in the Edit section of the Home ribbon in the Workbench, shown below.
Add Group Button

This opens the Group properties, as shown below, in the right side of the Workbench.
Group Properties

| 
 | Note: If you have role definitions that are saved in a file, you can click Import to import them from a file. Note also that you can export role definitions, too, by clicking Export. | 
Enter the Name of the role, making sure it is descriptive enough to identify exactly what its security encompasses.
General Properties
Select, by checkbox, whether This is the default group, whether the group will use Reserve Licensing, and/or whether the group will use Write Licensing.
You can provide a Root Asset in the text entry field, or click on the  to open the Data Browser to navigate to one.
 to open the Data Browser to navigate to one.
You can provide a Default Asset in the text entry field, or click on the  to open the Data Browser to navigate to one.
 to open the Data Browser to navigate to one.
You can provide a Custom Identifier for the group, by entering it in the text entry field.
You can set a Default Language in the text entry field or click on the  button to open the Language Selector window and pick one. When set, when the specified user logs into the associated application(s), GENESIS64 will automatically switch the language set in Language Aliasing to the assigned language. This will prevent users or groups from inadvertently logging in or designing in an unknown language.
 button to open the Language Selector window and pick one. When set, when the specified user logs into the associated application(s), GENESIS64 will automatically switch the language set in Language Aliasing to the assigned language. This will prevent users or groups from inadvertently logging in or designing in an unknown language.
Application Actions
In the Application Actions section, you can set permissions for use of entire applications or, by using the left-sided carat and expanding, allowing control over specific actions within an individual application.
You can then use any or all of the remaining tabs to complete the security definitions for the group: tabs are Points, Alarms, Files, Stations, Methods, Assets, Favorites, KPIWorX Favorites, Reports, Transactions, Mobile, Custom and EarthWorX Credentials. These tabs are described in detail in Security Privileges for Users and Groups. Keep in mind that all users who become members of this group will share these privileges.
Click Apply to save the new role.
A user is an account associated with a name, password, and certain privileges either allowed or denied them. When a user is added to a group, that user gets the additional privileges of that group. However, should there be a denied access right, that always take precedence over an allowed privilege in setting access. Users can be added to one or more groups, but groups cannot be added to other groups. However you can duplicate a user and make appropriate changes to the account. Users must have a unique name.
To Add a New User:
Right-click the Users node then select Add User, as shown below.
Adding a User in the Project Explorer

-OR-
Select the Users node then click on the Add User button, shown below, in the Edit section of the Home ribbon in the Workbench.
Add User Button

User Properties

NOTE: The first user you add to security is always the system administrator with all permissions granted. This will prevent you from being logged out of your own system. Also, as soon as you create this user, security will start and you will be logged out of the security, please log in to continue.
| 
 | Note: If user accounts are saved in a file, you can click Import to import them from that file. Note also that you can export user account information, too, by clicking Export. | 
Define the user account Name and password. Next, select the Default Policy to be used for the user. The user's account policy may restrict the password that can be used. For more information, refer to Account Policies.
Select, by checkbox, whether The Account is Locked, whether the user will use Reserve Licensing, and/or whether the user will use Write Licensing.
You can provide a Root Asset in the text entry field, or click on the  to open the Data Browser to navigate to one.
 to open the Data Browser to navigate to one.
You can provide a Default Asset in the text entry field, or click on the  to open the Data Browser to navigate to one.
 to open the Data Browser to navigate to one.
You can provide a Custom Identifier for the group, by entering it in the text entry field. Next, enter a User Lookup Identifier in the following text entry field.
You can set a Default Language in the text entry field or click on the  button to open the Language Selector window and pick one. When set, when the specified user logs into the associated application(s), GENESIS64 will automatically switch the language set in Language Aliasing to the assigned language. This will prevent users or groups from inadvertently logging in or designing in an unknown language.
 button to open the Language Selector window and pick one. When set, when the specified user logs into the associated application(s), GENESIS64 will automatically switch the language set in Language Aliasing to the assigned language. This will prevent users or groups from inadvertently logging in or designing in an unknown language.
In the Application Actions section, you can set permissions for use of entire applications or, by using the left-sided carat and expanding, allowing control over specific actions within an individual application.
Use any or all of the remaining tabs to complete the user account definitions: tabs are Points, Alarms, Files, Stations, Methods, Assets, Favorites, KPIWorX Favorites, Reports, Transactions, Mobile, Custom and EarthWorX Credentials. These tabs are described in details in Security Privileges for Users and Groups. Keep in mind any groups you will be adding the user to; you don't have to define security privileges for the user if those same privileges are defined for a group that the user will belong to.
Add the user to one or more groups. To assign a user to a group, you extend membership by group or by user. To add the user to one or more groups, click on 'Groups' or 'Users' in the Project Explorer. Right-click your desired group or user then select Membership.
Set Group Membership in Project Explorer

-OR-
Select your group (in this example, "Administrators") then click on the Membership button, shown below, in the Edit section of the Home ribbon in the Workbench.
Membership Button

This opens the Set the membership window, as shown below. Use the pulldown menu to select a user (in this example, "Admin"). Once selected, click OK.
Adding a User to a Group

See Also:
Security Privileges for Users and Groups