Privileges
- Last UpdatedJul 18, 2023
- 2 minute read
Plant SCADA provides eight privileges, numbered 1 to 8, that you can use to restrict access to some of the elements in a runtime system. These elements include:
-
Graphics pages
-
Graphics page objects
-
Alarms
-
Trends
-
SPC tags
-
Accumulators
-
Keyboard commands
-
Reports.
To implement privileges in a Plant SCADA system, you need to perform the following:
-
Assign privileges to the required elements (using the Privilege property for each element)
-
Assign matching privileges to the Roles that require access to those elements.
When configuring privileges for a role, you can assign global privileges that apply to all Areas, or you can assign privileges for specific areas.
The properties that define privileges for a role include the following:
|
Role Property |
Description |
|---|---|
|
Privileges |
Sets global privileges for the role (that apply to all areas). If you assign a role a global privilege, that role is also granted view access to every area automatically. Any user assigned that role will be able to view every area of the plant. |
|
Priv 1 Areas ... Priv 8 Areas |
Sets privileges for specific areas. For example, if "Priv 1 Areas" is set to "1,2,3", users assigned to this role will have privilege 1 access to Areas 1,2 and 3. |
|
View Areas |
Allows users assigned to the role to view the specified areas. |
For more information about the configuration of areas and privileges, including some examples, see Privilege and Area Combinations.
Not every system element needs a privilege classification. For example, every user will require access to a login command. A blank privilege setting (or privilege 0) means that an element has no classification and will be accessible to all users.
Note: You can use the Citect.ini parameter [Privilege]Exclusive to implement hierarchical privilege. This means users with privilege 3 have access to commands with a privilege classification of 3, 2, and 1. To allocate every privilege, you only need to specify privilege 8.