GENESIS64 Security - Quick Start

GENESIS64 uses a security model that is both granular and additive. You can set individual rights and access based on users and groups, create named policy settings that can be applied to users and groups, and control access to individual applications, features, systems, and more based on time settings if you wish.

Security protection is applied to the following items within the GENESIS64 system:

• Application actions
• Process output points
• Critical points
• Alarms
• Files
• Stations

The security system contains two components: the Security Server, which manages user logins and security system clients contained within the applications in the GraphWorX64 family (e.g. GraphWorX64, TrendWorX64, AlarmWorX64, etc.). Any stimulus (i.e., a user login or logout) that causes a change in security status will be immediately posted to the affected clients.

This topic provides an overview of GENESIS64 Security basic concepts. For more detailed information, refer to the Retrieving Advanced Security Information topic.

Configuring the Security Server

1. You can launch the Security Server from the Start menu, from the classic Workbench or from the Workbench (the following documentation covers using Security Server within the Workbench).

Figure 1 - Security Server in the Workbench

2. First, you will create a user group. Right-click the Groups folder and select Add Group. Name this group Administrators and click Apply. (For help with the part of the instructions, refer to the Users and Groups and Security Privileges for Users and Groups topics.). The group will appear in the top right-side pane of the Workbench.

Figure 2 - Adding a User Group

3. Next, you will add a user. Right-click the Users folder, select Add User. Call this user Admin; specify the password and click Apply.

Figure 3 - Adding a User

NOTE: The first user you add to security is always the system administrator with all permissions granted. This will prevent you from being logged out of your own system. Also, as soon as you create this user, security will start and you will be logged out of the security, please log in to continue.

4. You will now associate the user Admin to the group Administrators. Select 'Groups' in the Security Server provider and right-click on the group Administrator, and select Membership and the Group Properties dialog appears.

Figure 4 - Group Membership

5. Click on the Add button, select Admin user, click Ok, and then Exit.

Figure 5 - Adding a User to a Group [Your Recently Added User, 'Admin', Will Appear Here.]

6. Now let's look at application privileges. To set Security Privileges, create a new group called Users. In the Workbench, the Application Actions will appear on the main page regardless of the tab selected.
7. Expand GraphWorX64 > Menu, uncheck the Exit Runtime option.

Figure 6 - Removing GraphWorX64 Exit Runtime Permission in the Workbench

NOTE: This protects GraphWorX64 display from being stopped by an unauthorized person.

8. Click Apply (or Apply & Close) when you are done editing this setting.
9. Create another user called Operator, specify a password, and add this new user to group Users.

NOTE: Users privileges are either allowed or denied. When a user is added to a group, that user is given the group's privileges. However, a privilege denies access, that denial always takes precedence over an allowed privilege when access is set.

Account Policy

Account policies are a set of rules that you can apply to a users. They dictate items such as password complexity, password life, account lockout and other items. You can create a new Account Policy by right-clicking the Account Policies folder and selecting Account Policy. Once you create the policy, you can associate the policy to a user in the User Properties. By default, when you create a user, it uses the Default Policy. For more information, refer to the Account Policies topic.

Testing the Configuration

1. Open Workbench File menu and click Log In\Log Out. This opens the Security Login dialog.
2. For the User name, select Operator. Then type a password and click the Log In button.

Figure 7 - Security Login Dialog

3. Open the GraphWorX64 provider in the classic Workbench.
4. Expand the navigation tree in the Project Explorer and right-click on a display (e.g., Car display) and select Edit display. The display will open in configuration mode

Figure 8 - Open a GraphWorX64 Display in Configuration Mode

5. Click on the Runtime button at the upper-right corner and the display will go into Runtime mode.
6. Now, click the Configure button. You will not be able go back to Configuration mode due to Security Privileges.
7. Log in as the Admin user and the Configure button will be enabled again.

See also:

Logins and Passwords

Modifying the Access Denied Screen

Securing Desktop for Operations