
AVEVA™ Engineering

Data Access Control (DACs)

  • Last Updated May 24, 2022

Data Access Control (DAC) is the mechanism that protects information handled by the system from accidental or unauthorised manipulation.

The basic form of access control is known as 'Team Owning Databases'. It implements access control at database level: members of the team that owns a database have full access to the data it holds, and all other users have read-only access.

A more sophisticated form of access control is implemented through Access Control Rights (ACRs). ACRs allow the system administrator to apply finer-grained access control over the model. The following figure illustrates the DAC database hierarchy.

An ACR is defined through two entities:

  • A ROLE, which is a collection of rules called Permissible Operations (PEROPs).

  • A SCOPE, which defines to what part of the model the ROLE applies. The SCOPE may be an expression, for example, all ZONE WHERE (FUNC eq 'TEAMA')

A PEROP defines the access rights given for a number of pre-defined operations for one or more elements.

One or more ACRs may be assigned to a user, granting and denying access to the model.

For a user to gain update access to a particular element, two rules apply:

  • At least one PEROP in a ROLE assigned to a USER must grant the update operation.

  • No PEROP may explicitly deny the operation.

Management tools are available for DAC through the Admin module. Control of DAC is also available through Programmable Macro Language (PML).

A PEROP consists of three parts:

  • The Element it applies to

  • The operations which can be performed on those elements

  • Optionally the Attributes that may be modified.

The PEROP may further restrict the elements it applies to by a qualifying condition. The qualifying condition is an AVEVA E3D Design statement that should evaluate to true for the PEROP to qualify.

The following operations are available through PEROPs:

  • Create

  • Modify

  • Delete

  • Claim

  • Issue

  • Drop

  • Output

  • Export

  • Copy

Each of these operations may be set to:

  • Allow: The operation is permitted.

  • Disallow: The operation is not permitted.

  • Ignore: The PEROP does not define whether this operation is permitted or not.

Optionally, the PEROP may further restrict which attributes may be modified by specifying a list of attributes that it either includes in or excludes from modification.

The PEROP also holds the message that the system issues if the PEROP denies an attempted operation.
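
The grant and deny rules described above, modelled in Python as an added example; this is not AVEVA code or PML. The dictionary-based elements, the `status` attribute, the sample messages and the treatment of attribute lists as narrowing a grant are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

ALLOW, DISALLOW, IGNORE = "Allow", "Disallow", "Ignore"

@dataclass
class Perop:
    element_type: str                       # element the PEROP applies to
    ops: dict                               # operation -> setting; absent means Ignore
    condition: Callable = lambda e: True    # qualifying condition (assumed predicate)
    include_attrs: Optional[set] = None     # None means no include list
    exclude_attrs: set = field(default_factory=set)
    message: str = "Operation denied"       # issued when this PEROP denies

    def applies_to(self, element):
        return element["type"] == self.element_type and self.condition(element)

    def attr_allowed(self, attr):
        # Assumption: attribute lists only narrow what an Allow grants.
        return attr is None or (attr not in self.exclude_attrs and
                                (self.include_attrs is None or attr in self.include_attrs))

@dataclass
class Acr:
    scope: Callable     # SCOPE: which part of the model the ROLE covers
    role: list          # ROLE: a collection of PEROPs

def check(acrs, element, op, attr=None):
    """Return (permitted, message) for one operation on one element."""
    perops = [p for a in acrs if a.scope(element)
              for p in a.role if p.applies_to(element)]
    granted = False
    for perop in perops:
        setting = perop.ops.get(op, IGNORE)
        if setting == DISALLOW:              # an explicit deny always wins
            return False, perop.message
        if setting == ALLOW and perop.attr_allowed(attr):
            granted = True                   # at least one PEROP grants
    return (True, "") if granted else (False, f"No PEROP grants {op}")

# Constructed sample: elements are plain dicts, not real database elements.
USER_ACRS = [
    Acr(lambda e: e["func"] == "TEAMA",
        [Perop("PIPE", {"Modify": ALLOW, "Create": ALLOW}, include_attrs={"DESC"})]),
    Acr(lambda e: True,
        [Perop("PIPE", {"Modify": DISALLOW, "Delete": DISALLOW},
               condition=lambda e: e["status"] == "ISSUED",
               message="Issued pipes are locked")]),
]
```

Because a Disallow returns immediately while an Allow only sets a flag, the outcome does not depend on the order in which ACRs are assigned, and an operation left at Ignore everywhere is refused by default.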
