Manage security roles

You can create and manage user roles that apply to your organization’s processes and work-based authorities. Two roles are defined by default: Administrator and Default.

You can specify General and Operational Permissions for each role.

• General permissions relate to application configuration and administration tasks.

  Note: You cannot modify the General permissions of the Administrator role.

• Operational permissions relate to the security groups listed on the Security Groups page. By default, the Administrator has all permissions.

There are five basic Operational permissions that can be granted to a security role

• Manage alarms

  • Can Acknowledge Alarms: Enables users to manually acknowledge an alarm while a ViewApp is running.

  • Can Shelve Alarms: Enables users to shelve and unshelve alarms.

  • Can Modify Alarm Modes: Enables users to modify the mode of an alarm.

  • Can Modify Plant States: Enables users to modify plant states for state-based alarming.

• Can Modify "Configure" Attributes: Enables users to configure the attribute’s value. Requires that the user first put the object Off scan. Writing to these attributes is considered a significant configuration change, for example, a PLC register that defines a Discrete Device input.

• Can Modify "Operate" Attributes: Enables users with operational permissions to do certain normal day-to-day tasks like changing setpoint, output and control mode for a PID object, or commanding a Discrete Device object.

• Can Modify "Tune" Attributes: Allows users to tune an attribute in the runtime environment. Examples of tuning are modifying attribute values that specify alarm setpoints and PID sensitivity.

• Can Verify Writes: Enables users to provide an authentication signature for attributes configured with Verified Writes security classification. Only users with this permission can verify a task performed by users with the Can Modify “Operate” Attributes permission.