AADvance-Trusted SIS Workstation software
and
FactoryTalk Security

When used with the
AADvance-Trusted SIS Workstation software
application,
FactoryTalk Security
supports securable actions and permission sets. You can configure these
FactoryTalk Security
settings in the
FactoryTalk Administration Console
.
In the
AADvance-Trusted SIS Workstation software
application:
  • FactoryTalk
    Directory provides the security settings.
  • It is not possible to use the
    FactoryTalk
    Local directory.
  • FactoryTalk Services Platform
    version 6.31 or later supports associating the project with a specific
    FactoryTalk Directory
    .
  • You can add, change, or remove the permission set in
    Trusted
    projects with
    AADvance-Trusted SIS Workstation software
    project properties.
  • When you archive and restore a project in
    AADvance-Trusted SIS Workstation software
    , the permission set associated with the project is maintained.
  • You can log on to or log off of
    FactoryTalk
    from
    AADvance-Trusted SIS Workstation software
    . When the single sign-on property is enabled in
    FactoryTalk
    security policy,
    AADvance-Trusted SIS Workstation software
    automatically initiates a sign-in attempt with the Windows user account.
Permission sets identify a set of actions that are granted or denied for user groups or computer groups. Use permission sets to define permissions in the
FactoryTalk Administration Console
and to apply the same permissions to multiple projects.
IMPORTANT: Users could lose (or gain) permission to open or edit a project, if you change the permission set. Always check the Effective Permissions in
FactoryTalk Administration Console
to ensure that users have the appropriate access. Before you use these features, read the
FactoryTalk Security System Configuration Guide
, which is available in the Rockwell Automation Literature Library: rockwellautomation.com/en-us/support/documentation/literature-library.html
Users must log off and on to
AADvance-Trusted SIS Workstation software
again to apply the changes made in
FactoryTalk Administration Console
.
When a user opens a project that is secured with a permission set, the
AADvance-Trusted SIS Workstation software
application checks the Security Authority Identifier, which represents the
FactoryTalk Directory
ID, to see if it matches the ID in the project.
  • A matching ID causes the
    AADvance-Trusted SIS Workstation software
    to check the
    FactoryTalk Security
    server for permission sets associated with the project, and to retrieve the permissions for the current user and computer combination.
  • An unmatched ID prevents the project from opening.
    IMPORTANT: Projects that are secured and bound to a specific Security Authority cannot be recovered if the security authority identifier of the
    FactoryTalk
    Network Directory used to secure the project no longer exists. For more information on backing up a
    FactoryTalk Directory
    , see
    Back up a FactoryTalk system
    in the
    FactoryTalk Services Platform
    online help.
Provide Feedback
Have questions or feedback about this documentation? Please submit your feedback here.
Normal