How inheriting security permissions works in FactoryTalk Security

FactoryTalk Security

is based on principles of inheritance applied to a hierarchical structure, such as the tree structure of folders and resources in the

FactoryTalk View Studio

Explorer

window.

Security permissions on a resource in the

Explorer

window are automatically inherited from its parent, the object immediately above it in the hierarchy. For example, if you assign security to an area in an application, the HMI server in the area inherits the permissions of the area. If you do not explicitly assign security permissions to an area, the area inherits security settings from the application. The top of the hierarchy is the

FactoryTalk

Network or Local Directory.

Basic security access for users and groups at the

FactoryTalk

Network or Local Directory will be inherited by all resources at lower levels, such applications and areas. Refine the security for selected users as necessary by overriding inherited permissions on lower-level resources.

The extent to which permissions are inherited depends on how intact the chain of inheritance is. For example, if you select the

Do not inherit permissions

check box for an area, the HMI server within the area can only inherit permissions from the area. It cannot inherit permissions from the application in which the area is located, because the chain of inheritance from the directory at the top of the hierarchy is broken. As breaking the chain of inheritance complicates administration, do so only when it is absolutely necessary.

You can also override inherited permissions by assigning explicit permissions, because they take precedence over inherited permissions. For example, if an area inherits permissions from an application, you can override the inherited permissions by specifying permissions explicitly for the users, groups, or computers for the area.