Open topic with navigation

Define which Permission is Required to Execute a Logic Program

You can use the Execution Permission setting to define which security permission (if any) is required to access a Logic program’s Execute action. Each Logic program has its own Execution Permission setting, so you can control which users can execute Logic programs on a per-program basis.

The availability of the Execute action can also be restricted by using the Allow Manual Execution setting (see Define whether a Logic Program can be Executed Manually)Define whether a Logic Program can be Executed Manually(see Define whether a Logic Program can be Executed Manually). If the Allow Manual Execution setting is disabled for a Logic program, users will not be able to access the program’s Execute action even if they have the required Execution Permission.

Example:

A Logic program named ‘PumpControl’ is configured to have an Execution Permission setting of Control. It is also configured to have the Allow Manual Execution setting enabled.

A user logs on via a User account named ‘A Hall’. The ‘A Hall’ user has the Control permission for the ‘PumpControl’ program. This means that ‘A Hall’ can access the Execute action for the ‘PumpControl’ program, as Control is the defined Execution Permission.

Another Logic program named ‘SensorVariation’ is also configured to have an Execution Permission of Control. However, the ‘A Hall’ user does not have the Control permission for the ‘SensorVariation’ program. When the ‘A Hall’ user accesses the context sensitive menu for the ‘SensorVariation’ program, the Execute action is not included as an option.

The configuration of the ‘PumpControl’ program is changed so that it no longer has Allow Manual Execution enabled. With the change in place, the ‘A Hall’ user is unable to select the Execute action for the ‘PumpControl’ program, even though ‘A Hall’ has the Control permission. This is because the Allow Manual Execution setting is disabled; the Execute permission is unavailable to users, irrespective of their permissions for the program.

To define the Execution Permission for a Logic program, display the Logic Program Form, select the Logic tab, then use Execution Permission combo box to choose the required permission. Only users that have the selected permission will be able to access the program’s Execute action (which is only available if the Allow Manual Execution setting is also enabled, see Define whether a Logic Program can be Executed Manually).

Further Information

Display the Logic Program Form: see Configure an ST Program, Ladder Diagram, SFC or FBD.

Disclaimer

ClearSCADA 2017 R2

© 2018 AVEVA Group Plc.  All Rights Reserved.

The Schneider Electric industrial software business and AVEVA have merged to trade as AVEVA Group plc, a UK listed company. The Schneider Electric and Life is On trademarks are owned by Schneider Electric and are being licensed to AVEVA by Schneider Electric.