Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ System Platform

TABLE OF CONTENTS

Secure visualization

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedAug 13, 2025
  • 2 minute read

System Platform includes two visualization clients: InTouch HMI and AVEVA Operations Management Interface (OMI). AVEVA OMI is an advanced visualization client built into Application Server, and directly leverages the Application Server security model and settings.

Users with different roles require different user interface experiences. Typical interface experiences include window-to-window navigation, data visibility on a specific window, and restrictions on visible actions. InTouch HMI easily supports these actions through animation links. The animation links (typically) test the InTouch Software system tag $AccessLevel. While this implementation works, it provides a very linear security model.

Application Server roles offer more flexibility and can be leveraged from InTouch HMI by using the IsAssignedRole ("RoleName") script function. When executed, this function determines if the currently logged-in user is assigned to the role that was entered into the script call. This function allows the InTouch application to access the role-based security set in the System Platform IDE.

To implement this, add a Data Change script to InTouch Software that executes any time the InTouch system tag $Operator changes. For example, the following script could be called when the $Operator tag changes:

AdministrativeAccess = IsAssignedRole("Administrator");

SetpointAccess = IsAssignedRole("Engineer");

ManualAccess = IsAssignedRole("Operator");

In this example, AdministrativeAccess, SetpointAccess, and ManualAccess are Discrete InTouch Software memory tags. Users can possess multiple roles and more than one of these discrete tags could be set. You can animate the InTouch Software application by using these tags in the expression statements of the animation links.

This implementation has the following advantages:

  • First, the scripts execute only when the user changes. Instead of running the same script for every animation, it only runs as needed, which improves overall application performance. This also improves the draw times of the screen are also improved, since it is not necessary to evaluate the user rights for each associated animation.

  • The second advantage is in maintenance. By having the script appear in one location, there is only one place to go to make required changes. If, in the previous example, all Manual Control was no longer allowed by Operators, but instead this permission was only going to be given to Engineers, this can be achieved by a simple change. You would change the third line of the script to read:

    ManualAccess = IsAssignedRole("Engineer");

This change would only be made in the $Operator Data Change script, instead of every Manual Control animation.

TitleResults for “How to create a CRG?”Also Available in