Overview

All applications use the Security API when security clearance is required. The API provides three modes of operation: Standard, OS, or ArchestrA. When needed, the application prompts the operators for their ID and password.

In OS mode, a domain or local machine name is also required. The information is compiled into a security request message and sent to either the Windows Security API or the Security Manager depending on which mode is active. In OS mode, a temporary logon using the passed User ID results in either pass or fail access. If access is permitted, a list of all groups that contain the User ID is returned. This information is then sent to the Security Manager along with the application or function name, the operator station from where the request was made, and if applicable, the recipe identification code. The Security Manager compares the security request with the information defined in the security database and returns an OK or Not OK result to the application making the request. The application acts on the result accordingly.

In Standard mode, the Windows security check is not performed. Instead, the information is sent directly to the Security Manager.

In ArchestrA mode, AVEVA Batch Management authenticates users against the ArchestrA security system. For details, see the Working with Security chapter in the Application Server User’s Guide.

The following conceptual diagram shows Security System relationships.

Important: On Foxboro DCS systems, if an Foxboro DCS secured configuration is supported, then AVEVA Batch Management will support both standard and operating system security modes. For an Foxboro DCS unsecured configuration, only standard security mode will be supported. However, for Foxboro DCS with InFusion, all AVEVA Batch Management security modes are supported. For more information see Security Modes.