Use Secured and Verified Writes

You can configure an InTouch application so that operators can write data to Galaxy attributes that are configured with certain security classifications:

• A "secured write" classification requires the run-time operator to enter his or her credentials to complete the write operation.

• A "verified write" classification requires two signatures. An operator can write data if the appropriate credentials are provided, but authorization is also required by an additional verifier to complete the write operation.

Secured and verified writes require the following:

• Security must be enabled for the Galaxy.

• ArchestrA security must be enabled for the InTouch application.

• Run-time operators must have the appropriate operational permissions configured within the Galaxy:

  • An operator must have the "Can Modify Operate Attributes" operational permission to perform either a Secured Write or a Verified Write.

  • A verifier must have the "Can Verify Writes" operational permission to confirm the verified write.

Regardless of who is currently logged on as the run-time user for the InTouch application, Secured or Verified Writes always require user authentication. You can modify attributes configured with Secured or Verified Write security classification even if you are not the logged-on user. This does not affect the session of the logged-on user.

Important: For Galaxies that have security enabled and are migrated to Application Server version 3.5, the "Can Modify Operate Attributes" operational permission setting will be copied to the "Can Verify Writes" attribute. Starting with Application Server 3.5, Galaxies have the "Can Verify Writes" operational permission setting disabled by default.

Within InTouch Tag Viewer, a run-time user can only write to an indirect tag with a reference to an Application Server attribute.

You can use smart cards for authentication for secured and verified data writes. For more information, see Use Secured and Verified Writes.