Permission sets and logical names
Permission sets and logical names identify a set of actions that are allowed or denied for one or more user groups or computer groups in a
FactoryTalk
network directory. Use permission sets to apply the same permissions to multiple controllers or project components. Use a logical name to associate permissions with a specific controller. When using a logical name, it must match the name of the controller.Secure with | Introduced version | Note |
|---|---|---|
Logical Names | FactoryTalk Services Platform version 2.10 | Using Logical Names to secure resources will increase the size of the cache that must synchronize between the FactoryTalk Directory server and each FactoryTalk Directory client. |
RSLogix 5000 version 12.00 | ||
Permission Sets | FactoryTalk Services Platform version 2.80 | We recommend that you use Permission Sets to improve the efficiency of the FactoryTalk Directory cache synchronization. |
Studio 5000 Logix Designer version 28.00 Note: RSLogix 5000 is known as Studio 5000 Logix Designer starting from version 21.00. |
When a user opens a project that is secured with a permission set or a logical name and configured to use only the selected security authority, the
Logix Designer
application checks the ID of the FactoryTalk Directory
to see if it matches the ID stored in the project. - If the ID matches, theLogix Designerapplication checks the directory and finds the logical name (that matches the controller name), or the permission set associated with the project, and gets the permissions for the current user/computer combination.
- If the ID does not match, the project uses the Guest User permissions defined for that permission set or logical name.
When a user opens a project that is secured but is not configured to use only the selected security authority, the
Logix Designer
application checks the connected FactoryTalk Directory
, finds the logical name or the permission set associated with the project, and gets the permissions for the current user/computer combination. Rockwell Automation
recommends configuring the project to use only the selected security authority to maintain control over the directory that secures the project.When configuring permission sets and logical names in the
FactoryTalk Administration Console
, can also configure permissions for Guest Users. The permissions for Guest Users determine the level of access for users who are not authenticated on the same FactoryTalk
directory that the project was secured with.Permissions for Guest Users are cached in the project file to which they are associated. However, the permissions are only stored in the project file for permission sets that have been applied to objects by a user of the primary
FactoryTalk
directory.Provide Feedback