Setting up FactoryTalk Security permissions on resources
FactoryTalk Security provides security for the resources managed by FactoryTalk Directory that are part of a FactoryTalk View application.
If you have installed FactoryTalk Services Platform and FactoryTalk View Site Edition on a computer for the first time with the standard FactoryTalk Directory mode:
- In the FactoryTalk Local Directory, all users have full access to the directory and to FactoryTalk View.
- In the FactoryTalk Directory Network, all users who are members of the Windows Administrator group on any local computer connected to the FactoryTalk Network Directory have full access to the directory and to FactoryTalk View.
You can use FactoryTalk Security to restrict access to the resources represented by objects in the Explorer window in FactoryTalk View Studio. These include the FactoryTalk Network or Local Directory; the FactoryTalk View application and its areas; and the System folder and its contents.
The resources contained in the System folder include Action Groups; Policies, such as the security policies that govern the management of passwords and single sign-on; Computers and Computer Groups (for network distributed applications); Networks and Devices; Users and User Groups, to create security accounts; and Connections.
You can assign security permissions to any of these resources. Security permissions define which actions a user may perform on resources. For example, they determine who can open, modify, and delete an application or area, as well as who has access to the FactoryTalk Directory folder and security setup.
For a network distributed application, security permissions are also associated with which computers a user may perform the action from.
When you right-click a resource in the Explorer window and then click Security, the Security Settings dialog box that opens lets you specify which users and computers can perform which actions on that resource.
For example, in the Security Settings dialog box for the Users folder, you can grant or deny access to perform actions on the folder itself, such as listing its contents (List Children) or adding new users (Create Children). In the Security Settings dialog for an application, if a user is granted permission to Create Children, it means they can add areas, HMI servers, and data servers to the application.
To set up security permissions on a resource:
- In FactoryTalk View SE, in the Explorer window, right-click a folder or icon, and then click Security.
- In the Security Settings dialog box, add the users you are going to set up permissions for.
- Click a user (or user group) and select a computer (or computer group) to associate the user (or group) with.
- Select the Allow check boxes beside the actions the user is to have permission to perform on the resource.
For more information about setting up FactoryTalk Security in FactoryTalk View, see Chapter 5 in the FactoryTalk View Site Edition User's Guide.
For further details about FactoryTalk Security, see the FactoryTalk Services Platform Help.
TIP:
- If both the Deny and Allow check boxes beside an action are cleared, the user is implicitly denied permission to perform the action. To grant permission to a user to perform an action, you must explicitly assign permission by clicking the Allow check box beside the action. This displays a check mark in the check box.
- To explicitly deny a user permission to perform an action, click the Deny check box. Explicitly denying permission takes precedence over allowing permission. For example, if a user belongs to two user groups, one of which is allowed to delete an application, and the other is explicitly denied permission to delete an application, the user will not be able to delete applications.
- Explicitly allowing permission takes precedence over implicitly denying permission.
- To set up access to the FactoryTalk Directory, right-click the Network (or Local) directory icon at the root of the Explorer tree, and then click Security. By default, the application and the System folder inherit permissions set up here.
- HMI servers inherit permissions from the area in which they reside.
- In the Security Settings dialog box, inherited permissions are indicated by gray check marks, while explicit permissions are indicated by black check marks.
- The policy settings apply across the entire FactoryTalk-enabled system. All FactoryTalk-enabled products that share a single FactoryTalk Directory use the same policy settings.
- FactoryTalk Network and Local Directories existing on the same computer do not share policy settings.
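The precedence rules in the tips above can be checked against a small model before you click through the Security Settings dialog box. The following Python sketch is an added example, not Rockwell code and not a FactoryTalk API; the user, group and computer names are constructed. It assumes that an entry set on a resource itself is evaluated before entries inherited from its container, which this page does not state.

```python
from dataclasses import dataclass, field

ALLOW, DENY = "Allow", "Deny"

@dataclass
class Resource:
    name: str
    parent: "Resource | None" = None         # container that permissions are inherited from
    acl: dict = field(default_factory=dict)  # (principal, computer, action) -> ALLOW or DENY

    def assign(self, principal, computer, action, setting):
        self.acl[(principal, computer, action)] = setting

def is_allowed(resource, user, groups, computer, computer_groups, action):
    """Resolve one action for a user (plus groups) working from one computer."""
    principals = {user, *groups}
    computers = {computer, *computer_groups}
    node = resource
    while node is not None:
        hits = [setting for (p, c, a), setting in node.acl.items()
                if p in principals and c in computers and a == action]
        if DENY in hits:     # explicit Deny takes precedence over Allow
            return False
        if ALLOW in hits:    # explicit Allow takes precedence over implicit deny
            return True
        node = node.parent   # nothing set here: use inherited entries (assumed order)
    return False             # both check boxes cleared everywhere: implicit deny

def build_sample():
    # Constructed tree: directory -> application -> area -> HMI server.
    directory = Resource("Network Directory")
    app = Resource("Application", directory)
    area = Resource("Area1", app)
    hmi = Resource("HMI server", area)
    # Constructed group names; action names are the ones used on this page.
    directory.assign("Engineers", "All Computers", "List Children", ALLOW)
    app.assign("Engineers", "All Computers", "Delete", ALLOW)
    app.assign("Contractors", "All Computers", "Delete", DENY)
    area.assign("Operators", "ControlRoomPCs", "Create Children", ALLOW)
    return directory, app, area, hmi

if __name__ == "__main__":
    _, app, _, hmi = build_sample()
    both = ["Engineers", "Contractors"]
    print(is_allowed(app, "alice", both, "ENG-WS1", ["All Computers"], "Delete"))
    print(is_allowed(hmi, "carol", ["Operators"], "LAPTOP-7", [], "Create Children"))
```

Both sample calls print False: the first because one of the user's groups is explicitly denied Delete, the second because the Allow entry is associated with a computer group the laptop does not belong to.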