Domain

A domain consists of an account hosted by the Server Infrastructure including a group of devices, users, groups, firewall rules, and permissions.
All remote devices in a domain are organized in folders in a tree-structure and can be associated with different user permissions.
Information about the usage of the remote access service is collected in the audit and log files associated with the domain.
NOTE: The registration to a domain or the configuration can be carried out using the Tools Applets that work on the local network.
See the section for further information on this topic.
A domain includes a set of entities, as described below:
  • User:
    A user account enables the user to log into the related domain and access remote equipment by entering their own credentials. To access the web client, you need to enter the domain name and your username and password.
  • Group:
    Groups are used to efficiently assign permissions to multiple user accounts. You can sort user accounts by type and create groups within your organization, according to roles and/or region.
    Admin, Contributor, and Owner groups are provided by default in each domain.
    NOTE: A user may belong to multiple groups.
    Admin: Can create, edit, and delete user accounts and change user permissions. They can also create, move, and remove folders in the domain.
    Contributor: Can be assigned any or all of these profiles: Network security, Device installer, or Device access.
    Owner: The individual account responsible for the FactoryTalk Remote Access subscription. Has permanent administration rights.
  • Remote device:
    A remote HMI or IPC on which UBIQUITY Runtime is installed and that can be reached through the web client.
  • Folder:
    You can organize one or more registered remote devices into folders.
    NOTE: A device can belong to just one folder.
  • Permissions:
    Permissions are rules applied to users that allow or deny access to remote devices.
  • Firewall policies:
    Firewall policies consist of rules applied to VPN packets that control whether certain protocols, ports, IP addresses, etc. are allowed or denied access. Firewall policies shall be imported or defined first and applied later to folders (and hence inherited by the devices stored within the folders) or to a single device. Different firewall policies may apply depending on the logged-in user.
See the section to learn more about firewall policies.

Subdomain

Sub-folders within the user domain are called subdomains. They are useful for setting up specific access control settings for different business units, regions, or operations as appropriate.
NOTE: Rules assigned to sub-folders and individual devices take precedence over rules in the folder that contains them.
The permissions of a user account can be made to differ from those of the group to which it belongs by specifying an exception.
The permissions granted to users and groups are assigned in terms of their profiles.
This allows the creation of subdomains for departments or units located in several countries or locations: one main folder with subfolders (subdomains), including users or devices specifically enabled for that department or country. Those users will only get that restricted access.
Users can be added at a higher level (all together within the users folder), but they will have restricted access, depending on the folders or groups they are assigned to.
When users are enabled, they will automatically get the restriction set up for their profile, but they will be grouped as users in general.
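The precedence rules above, as an added example that is not part of the original documentation or the product's own code: a simplified model for reviewing which level decides a user's access to each device. It assumes allow/deny rules keyed by user or group, that a per-user exception outranks group rules at the same level, that deny wins when a user's groups disagree, and that no matching rule means no access; all folder, device, user and group names are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    """A folder, sub-folder (subdomain) or device in the domain tree."""
    name: str
    parent: "Node | None" = None
    # rules["user:<name>"] or rules["group:<name>"] = True (allow) / False (deny)
    rules: dict = field(default_factory=dict)
    is_device: bool = False

def effective_access(node, user, groups):
    """Return (allowed, deciding_level): the nearest level with a matching rule decides."""
    level = node
    while level is not None:
        # Assumption: a per-user exception outranks group rules at the same level.
        if f"user:{user}" in level.rules:
            return level.rules[f"user:{user}"], level.name
        votes = [level.rules[f"group:{g}"] for g in groups if f"group:{g}" in level.rules]
        if votes:
            # Assumption: when the user's groups disagree, deny wins.
            return all(votes), level.name
        level = level.parent  # nothing set here, so inherit from the containing folder
    return False, None  # Assumption: no matching rule anywhere means no access.

def build_sample():
    """Constructed domain tree: two regional subdomains with one device each."""
    root = Node("Plants", rules={"group:Service": True})
    emea = Node("EMEA", root, {"group:Service": False, "group:EMEA-Techs": True})
    apac = Node("APAC", root)
    press = Node("Press-HMI-01", emea, {"user:dana": False}, is_device=True)
    oven = Node("Oven-IPC-02", apac, is_device=True)
    return [root, emea, apac, press, oven]

def audit(nodes, memberships):
    """Map (user, device) to (allowed, deciding_level) for every device in the tree."""
    return {
        (user, n.name): effective_access(n, user, groups)
        for user, groups in memberships.items()
        for n in nodes if n.is_device
    }

if __name__ == "__main__":
    members = {"alice": ["Service"], "carl": ["EMEA-Techs"], "dana": ["EMEA-Techs"]}
    for (user, device), (ok, level) in sorted(audit(build_sample(), members).items()):
        print(f"{user:6} {device:13} {'ALLOW' if ok else 'DENY':5} decided at {level}")
```

The deciding level in each result shows whether access comes from an inherited folder rule, a subdomain override, or a per-user exception, which is the detail to check when reviewing who can reach a device.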