Things you can secure

Use Allow
or
Deny
permissions to secure access to resources in the system. Resources include:

The

FactoryTalk

network directory or local directory

The System folder and its contents

Applications

Areas

Servers

Control networks

Hardware devices

Security for resources is always tied to users, actions, and computers

Security for resources is always tied to users or groups of users, the actions they are performing, for example, read or write, and the computers, or groups of computers where they are working.

This helps ensure that only authorized personnel can perform actions on the equipment and resources in the system from appropriate locations, for example, computers located within line of sight of equipment.

In a local

FactoryTalk

directory, a user can perform actions only from the local computer.

Set permissions to restrict actions to users, user groups, computers, or computer groups

For each resource (such as an application or an area within it), actions (such as writing values) can be restricted to particular users or user groups.

Group actions together and assign security permissions to all actions in the group. For example, assign permissions to an area so that only operators working on computers located within the line of sight of heavy machinery can write values to the programmable controllers in that area.

Suppose that:

The area is named "Punch Presses"

The operators belong to a user group named "Operators"

The computers within line of sight of the machinery belong to a computer group named "Heavy Machinery"

First, clear Allow
for All Users and All Computers
in the Punch Presses area. Next, select Allow
for the user group Operators and the computer group Heavy Machinery.

When setting permissions, the Deny
permissions are implied unless the Allow
permissions are specified explicitly. Clearing Allow
ensures that all users are denied write access, except those explicitly allowed access.

Using the Security item

Right-click an item in the Explorer
and select Security
, to set up which users or user groups on which computers may access the selected resource.

IMPORTANT:

Right-clicking the System
folder, Users and Computers
folder, Users
folder, or the Computers
folder, and specifying security permissions sets security on that actual folder. It does not limit users’ access to the system.

To limit access to resources in the

FactoryTalk

system, right-click the resource to secure, select Security
, and specify security permissions for the user and computer accounts allowed to access the resource.

Security settings are separate in the network and local directory

Security settings are completely separate in the network directory and local directory. Changes made to the security settings in the network directory do not affect the local directory and vice versa. If using both a network directory and a local directory, set up security in each directory separately.

Security settings apply to all

FactoryTalk

products

Security settings configured for resources apply to all

FactoryTalk

products in the system. For example, when denying a user Read
access to an area from a particular computer, that user cannot see that area in any

FactoryTalk

product while working from that computer.

Provide Feedback

Have questions or feedback about this documentation? Please submit your feedback here.