Set object security
- Last UpdatedJan 15, 2025
- 3 minute read
Operators interact with objects through the individual attributes of those objects. Each attribute on the Object Editor that can be modified by operators at runtime can have an associated security control, which is used to modify its runtime security classification.
|
|
In the Attributes page, security icons must be enabled before you can set security for an attribute or any of its features in a template. To enable security, select the Show/Hide Security icon to the right of the description field. |
When security is enabled, security symbols will appear next to values for which security is configurable. Security symbols are not visible in the template or its derived instances unless enabled in the parent template.
If an attribute's security classification is configurable, select the security control to select one of seven possible states:
|
Security Icon |
Description |
|---|---|
|
|
Lets you change this value without restriction even if you have no defined permissions on the object. Anyone can write to these attributes to perform safety or time critical tasks that can be hampered by an untimely logon request, such as halting a failing process. |
|
|
Lets you work with Operate permissions to do certain normal day-to-day tasks. These include writing to attributes like Setpoint or Command for a Discrete Device object. This level of security requires you to have Operate permission for the security group for the object. |
|
|
Requires you to authenticate using your user name and password each time you want to write to the attribute. You also need to have Operate permissions for the object. |
|
|
Requires you to have Operate permissions to log on again and a second, different user to also log on as the verifier before writing to the attribute. The verifier needs to have Can Verify Writes permission for the object. |
|
|
Allows end users with Tune Operational permissions to tune the attribute in the runtime environment. Examples of tuning are attributes that adjust alarm setpoints and PID sensitivity. |
|
|
Allows end users with Configure Operational permissions to configure the attribute’s value. Requires that the user first put the object off scan. Writing to these attributes is considered a significant configuration change. For example, a PLC register that defines a Discrete Device input. |
|
|
Only allows users to read this attribute’s value in the runtime environment. This attribute is never written to at runtime, regardless of the user's permissions. |
If an attribute’s security is shown in gray, its security classification is locked in its parent object and cannot be changed, or it requires the enabling of a group attribute.