Deny Access to AVEVA AIM Dashboard
- Last Updated: May 10, 2023
As stated in the Users topic, user accounts are created automatically when people visit the AIM Dashboard web application. Therefore, everyone with a Windows domain account on the server can access the AIM Dashboard.
If this is not desired, you can deny users access by adding an <AccessControlList> section to the web.config file. When the <AccessControlList> section is present, users must either be granted access in the <Allow> element or denied access in the <Deny> element. The <Deny> element takes precedence: a user who is named in it, or who belongs to a group named in it, cannot access the AIM Dashboard. To access the AIM Dashboard, a user must not appear in the <Deny> element and must be named in the <Allow> element, either as a user or through a group they belong to. You can give all users access by setting the <Allow> element's Everyone attribute to True.
Note: The XML described here gets passed to the AIM web server. Therefore, it is recommended that you try to keep the XML as short as possible, for example, by avoiding long comments.
If <Group> is used, the AIM Dashboard needs to access Active Directory. The application checks whether the logged-in user is a member of the parent AD group or of any group in its nested group hierarchy. Make sure that the Web server has access to Active Directory. The first user who accesses the AIM Dashboard may experience a short delay while the Active Directory data is read for the first time.
The following table gives details of the XML tags that can be used:

| XML Tag | Description |
|---|---|
| AccessControlList | A child of <Portal> elements. Defines the overall security access for an AIM Dashboard instance. It contains one or zero <Allow> elements and one or zero <Deny> elements. |
| Allow | A child of <AccessControlList> elements. Defines those users and groups that have access to the AIM Dashboard instance, subject to exclusions mentioned under <Deny>. It may contain an Everyone="True" attribute that allows all users access, again subject to exclusions mentioned under <Deny>. It contains one or zero <Users> elements and one or zero <Groups> elements. |
| Deny | A child of <AccessControlList> elements. Defines those users and groups that are denied access to the Portal instance. It contains one or zero <Users> elements and one or zero <Groups> elements. |
| Users | A child of <Allow> or <Deny> elements. It contains any number of <User> elements. |
| Groups | A child of <Allow> or <Deny> elements. It contains any number of <Group> elements. |
| User | A child of <Users> elements. Defines a Windows or Forms user, for example, <User Value="Domain1\Fred.Bloggs"/>. |
| Group | A child of <Groups> elements. Defines a single Active Directory group, for example, <Group Value="Group1"/>. |

Note: A <Portal> element, with a specific ID attribute, overrides any access control in the <Portal> element with an ID attribute of Default.
XML Example 1:

```xml
<Portal PortalID="Portal1">
  <AccessControlList>
    <Allow>
      <Users>
        <User Value="Domain1\John.Smith" />
        <User Value="Domain1\Jane.Jones" />
      </Users>
      <Groups>
        <Group Value="Group1" />
        <Group Value="Group2" />
      </Groups>
    </Allow>
    <Deny>
      <Users>
        <User Value="Domain1\Fred.Bloggs" />
      </Users>
      <Groups>
        <Group Value="Group2.Temp" />
      </Groups>
    </Deny>
  </AccessControlList>
</Portal>
```

XML Example 2:

```xml
<Portal PortalID="Portal1">
  <!-- Allow everyone except Domain1\Fred.Bloggs -->
  <AccessControlList>
    <Allow Everyone="True">
    </Allow>
    <Deny>
      <Users>
        <User Value="Domain1\Fred.Bloggs" />
      </Users>
    </Deny>
  </AccessControlList>
</Portal>
```
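
To check an access control list before deploying it, the precedence rules described above can be evaluated offline. The following Python sketch is an added example, not AVEVA code: it applies those rules to one <Portal> element and reports why an account is allowed or denied. It assumes that group memberships are supplied already expanded (it does not query Active Directory) and that names compare case-insensitively; `decide` and its helpers are hypothetical names.

```python
import xml.etree.ElementTree as ET

# The page's XML Example 1, reproduced so the block runs on its own.
EXAMPLE_1 = r"""
<Portal PortalID="Portal1">
  <AccessControlList>
    <Allow>
      <Users><User Value="Domain1\John.Smith" /><User Value="Domain1\Jane.Jones" /></Users>
      <Groups><Group Value="Group1" /><Group Value="Group2" /></Groups>
    </Allow>
    <Deny>
      <Users><User Value="Domain1\Fred.Bloggs" /></Users>
      <Groups><Group Value="Group2.Temp" /></Groups>
    </Deny>
  </AccessControlList>
</Portal>
"""

def _values(section, path):
    """Lower-cased Value attributes found at `path` below <Allow> or <Deny>."""
    if section is None:
        return set()
    return {e.get("Value", "").lower() for e in section.findall(path)}

def _listed(section, user, groups):
    """True if the user, or any group the user belongs to, is named in `section`."""
    return (user in _values(section, "Users/User")
            or bool(groups & _values(section, "Groups/Group")))

def decide(portal_xml, user, groups=()):
    """Return (allowed, reason) for one account against one <Portal> element."""
    acl = ET.fromstring(portal_xml).find("AccessControlList")
    if acl is None:
        return True, "no <AccessControlList>: every domain account has access"
    # Assumption: account and group names compare case-insensitively.
    user, groups = user.lower(), {g.lower() for g in groups}
    if _listed(acl.find("Deny"), user, groups):
        return False, "named in <Deny>, which takes precedence"
    allow = acl.find("Allow")
    if allow is not None and allow.get("Everyone", "").lower() == "true":
        return True, 'allowed by <Allow Everyone="True">'
    if _listed(allow, user, groups):
        return True, "named in <Allow>"
    return False, "not named in <Allow>"

if __name__ == "__main__":
    # Constructed accounts: Fred is in an allowed group but is still denied.
    for user, groups in [(r"Domain1\John.Smith", []), (r"Domain1\Fred.Bloggs", ["Group1"])]:
        print(user, decide(EXAMPLE_1, user, groups))
```

Running the same check over a list of accounts that must not reach the dashboard shows whether an <Allow> group entry unintentionally admits any of them.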