Security

Security settings in FactoryTalk View Site Edition are managed in two locations. Users, groups, and global permissions are set in
FactoryTalk Security
, while application and runtime permissions are set in
FactoryTalk View Runtime Security
.
FactoryTalk Security
FactoryTalk Security uses this information to provide two basic services:
  • User authentication
     verifies the user’s identity, and whether a request for service actually originated with that user.
  • User authorization
     verifies the user’s request to access a software resource, based on the access rights and privileges defined for that user.
For example, when a FactoryTalk View SE network distributed application user signs in to FactoryTalk View Studio, FactoryTalk Security services verify the user’s identity first.
If authentication succeeds, security services check permissions assigned to the user, to authorize actions performed on secured parts of the application.
In a network distributed application, security services also check whether the user is allowed to perform authorized actions on the current computer.
You also use FactoryTalk Security to create security accounts for users and groups, to set up general security permissions on common actions such as tag writes, open, and delete, and to set security policies such as who can back up and restore directories, when or if passwords will be reset, and so on.
FactoryTalk View Runtime Security
FactoryTalk View Runtime Security manages runtime security for HMI project components, including FactoryTalk View commands and macros, graphic displays, OLE objects, and HMI tags. In FactoryTalk View Studio, you can secure access to HMI project components by assigning security codes (A - P) to users and user groups (in the Runtime Security editor); to commands and macros (in the Runtime Secured Commands editor), to graphic displays and OLE object animation (in the Graphics editor), and to HMI tags (in the Tags editor).
Before you can assign FactoryTalk View security codes to users and user groups, you have to create the user and user group accounts in FactoryTalk Security, and then add them to the Runtime Security editor.
Remarks
  • All FactoryTalk user and user group security accounts are created in the Users or User Groups sub-folders within the System folder in the Explorer window.
  • Runtime access to HMI project components is assigned to users and user groups when you add them in the Security Settings dialog box, which you open by clicking the Security Accounts button in the Runtime Security editor in FactoryTalk View SE.
  • If you have set up FactoryTalk Security, when a user is logged on to the FactoryTalk View SE Client and the Login command is issued, the login dialog opens on top of any displays that are visible. The current user is not logged out until the new user successfully logs in.
  • When a user logs out of the FactoryTalk View SE Client, all open displays are closed and the log on dialog is displayed until another user logs on. This leaves the client in a secured state.
  • For details about setting up and using FactoryTalk Security, see the
    FactoryTalk Services Platform Help
     or the
    FactoryTalk Security System Configuration Guide
    .
  • For more information about how these features are used in FactoryTalk View, and for examples of assigning FactoryTalk Security permissions to FactoryTalk View users and user groups, see Chapter 5 in the
    FactoryTalk View Site Edition User's Guide
    .
Provide Feedback
Have questions or feedback about this documentation? Please submit your feedback here.
Normal