FactoryTalk Security

FactoryTalk Security improves the security of your automation system by limiting access to those with a legitimate need. FactoryTalk Security authenticates the identities of users, and authorizes user requests to access a FactoryTalk system against a set of defined user accounts and access permissions held in the FactoryTalk local directory or FactoryTalk network directory.

Integrated security services for your FactoryTalk system

FactoryTalk Security provides security services integrated into both the FactoryTalk local directory and the FactoryTalk network directory. In a local directory, all project elements are located on a single computer, and the FactoryTalk Administration Console system cannot be shared across a network. A network directory organizes information about project elements from multiple FactoryTalk products across multiple computers on a network. Even though a local directory and a network directory are always present on the same computer, all of their project elements remain completely separate and cannot be shared.

Authentication and authorization

Use FactoryTalk Security with Rockwell Automation software for an integrated, cross-product solution to two universal security concerns: authentication and authorization.
- Authenticate—verify a user’s identity and verify that a request for service actually originates with that user.
- Authorize—verify a user’s request to access a software resource against defined access permissions.

FactoryTalk Security addresses both authentication and authorization concerns and defines the answer to the question: "Who can carry out what actions upon which secured resources from where?"
- Who—refers to users and groups of users. Different users need different access rights.
- What actions—refers to the actions that can be performed on a resource, such as read, write, update, download, create, delete, edit, insert, and so on.
- Which secured resources—refers to the objects for which actions are secured. Each FactoryTalk product defines its own set of resources. For example, some products might allow security configuration on resources in an area, while others might allow security configuration for logic controllers and other devices.
- Where—allows security to differ based on machine location. It is sometimes important to restrict certain actions to specific workstations. For example, for safety reasons, it might be necessary to allow downloading values to a controller only from workstations that are located within a clear line of sight to the plant floor machinery that is affected by the downloads.

The principle of inheritance determines how access permissions are set. For example, when you assign security to an area in an application, all of the items in the area inherit the security settings of the area. You can override this behavior by setting up security for one or more of the individual objects inside the area.
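
The following Python sketch is an added example, not Rockwell Automation code or a FactoryTalk API. It models the who / what actions / which secured resources / from where question together with area inheritance and a per-object override. The group, resource and workstation names are constructed, and two rules are assumptions of the sketch: an explicit deny beats an allow on the same object, and a permission that is set nowhere means no access.

```python
# Illustrative model only; not FactoryTalk's API or its actual evaluation rules.
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    group: str      # who: a user group name
    computer: str   # where: workstation name, or "*" for any computer
    action: str     # what: e.g. "read", "download"
    allow: bool

# Constructed sample data: group membership and a resource tree (child -> parent).
GROUPS = {"alice": {"Operators"}, "bob": {"Engineers"}}
PARENT = {"Line1/PLC-A": "Line1", "Line1/HMI-1": "Line1", "Line1": None}

# Permissions set on the area "Line1", plus an override on one controller that
# limits downloads to a single (hypothetical) plant-floor workstation.
ACL = {
    "Line1": [Entry("Operators", "*", "read", True),
              Entry("Engineers", "*", "read", True),
              Entry("Engineers", "*", "download", True)],
    "Line1/PLC-A": [Entry("Engineers", "FLOOR-WS1", "download", True)],
}

def is_authorized(user, action, resource, computer):
    """Answer: may `user` perform `action` on `resource` from `computer`?"""
    groups = GROUPS.get(user, set())
    node = resource
    while node is not None:
        # Entries set on this object for this action. If any exist, they
        # override what the parent area would have supplied (assumed semantics).
        local = [e for e in ACL.get(node, []) if e.action == action]
        if local:
            hits = [e for e in local
                    if e.group in groups and e.computer in ("*", computer)]
            # Assumption: an explicit deny beats an allow on the same object.
            return bool(hits) and all(e.allow for e in hits)
        node = PARENT.get(node)  # nothing set here: inherit from the parent
    return False  # Assumption: no permission set anywhere means no access
```

In this model an engineer can download to `Line1/HMI-1` from any computer because the area setting is inherited, while the same download to `Line1/PLC-A` succeeds only from `FLOOR-WS1` because the object-level setting replaces the inherited one.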

At runtime, when a user attempts to log on to a FactoryTalk system, FactoryTalk Security verifies the user's identity. If the user is authenticated, FactoryTalk Security continues to check the user's level of access to the system, in order to authorize the actions that the user performs on secured resources.

System-wide policies dictate some security settings. For example, you can set up a policy that requires users to change their passwords once every 90 days.