Security in a FactoryTalk system
FactoryTalk Security improves the security of an automation system by limiting access to users with a legitimate need. Security in FactoryTalk is accomplished through authentication and authorization. Security services are managed separately in the FactoryTalk local directory and the FactoryTalk network directory.
Authentication
FactoryTalk authenticates the identity of users who access a FactoryTalk system against a defined set of user accounts held in the FactoryTalk Directory. FactoryTalk verifies a user's identity and that a request for service actually originates with that user.
Authorization
FactoryTalk authorizes user requests to access resources in a FactoryTalk system against a set of defined access permissions held in the FactoryTalk Directory.
Securing resources
FactoryTalk Security addresses both authentication and authorization concerns by helping define the answer to this question: "Who can carry out what actions upon which secured resources from which locations?"
- Who—refers to users and groups of users. Different users need different access rights.
- Actions—refers to the operations to perform on a resource, such as read, write, update, download, create, delete, edit, insert, and so on.
- Secured resources—refers to the objects for which actions are secured. Each FactoryTalk product defines its own set of resources. For example, some products might allow configuring security on resources in an area, while others might allow configuring security for logic controllers and other devices.
- Locations—refers to the location of the authorized computers. For example, to adhere to safety requirements, values might be allowed to be downloaded to a controller only from workstations that are located within a clear line of sight to the plant floor machinery.
The principle of inheritance determines how access permissions are set. For example, when assigning security to an area in an application, all of the items in the area inherit the security settings of the area. Override this behavior by setting up security for one or more of the individual objects inside the area as well.
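The who/action/resource/location question and the inheritance-with-override rule can be sketched as a small model. This is an added illustration, not FactoryTalk code or its actual evaluation logic; the group, computer and resource names are constructed, and the `*` wildcard and deny-when-nothing-is-set behaviour are assumptions of the model.

```python
from dataclasses import dataclass, field
from typing import Optional

ANY = "*"  # wildcard location (assumption of this model)

@dataclass(frozen=True)
class Rule:
    group: str     # who
    action: str    # what action
    location: str  # from which computer, or ANY

@dataclass
class Resource:
    name: str
    parent: Optional["Resource"] = None
    rules: list = field(default_factory=list)

def is_allowed(groups, action, resource, location):
    """Answer: may someone in `groups` perform `action` on `resource`
    from `location`? The nearest node (the object itself, then its
    area) that sets security for the action decides; objects with no
    setting inherit. Nothing set anywhere means denied (assumption)."""
    node = resource
    while node is not None:
        scoped = [r for r in node.rules if r.action == action]
        if scoped:
            return any(r.group in groups and r.location in (location, ANY)
                       for r in scoped)
        node = node.parent
    return False

# Constructed sample: one area holding two controllers.
line1 = Resource("Line1", rules=[
    Rule("Engineers", "download", ANY),
    Rule("Operators", "read", ANY),
])
plc_a = Resource("PLC_A", parent=line1)  # inherits everything from Line1
plc_b = Resource("PLC_B", parent=line1, rules=[
    # Override: downloads only from the plant-floor workstation.
    Rule("Engineers", "download", "FLOOR-WS1"),
])

if __name__ == "__main__":
    for res, loc in [(plc_a, "OFFICE-PC"), (plc_b, "OFFICE-PC"), (plc_b, "FLOOR-WS1")]:
        verdict = is_allowed({"Engineers"}, "download", res, loc)
        print(f"Engineers download -> {res.name} from {loc}: {verdict}")
```

Note that the override on `PLC_B` covers only the `download` action, so `read` on that controller is still inherited from the area.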
When a user attempts to log on to a FactoryTalk system, FactoryTalk Security verifies the user's identity. If the user is authenticated, FactoryTalk Security continues to check the user's level of access to the system, to authorize the actions the user performs on secured resources.
System-wide policies dictate some security settings. For example, a policy can require users to change their passwords once every 90 days.
For tips on setting up the FactoryTalk system to achieve efficient management of user authentication and authorization, see Best practices.