ClearSCADA security is applied by the server(s) to every client that accesses the system (ViewX, WebX, Third Party OPC applications etc.). For example, a user that accesses the system via a Third Party OPC client is subject to the same restrictions as when accessing the system via ViewX.
When you first run the Server Configuration Tool, you need to log on using the Super User Account. When you apply security for the server(s), you need to use the Security section on the Server Configuration Tool to enable or disable the overall level of security for your system. A high level of security is enabled by default. To set up the various security settings that apply to ViewX and WebX clients as well as third-party clients, you need to use several sections.
- Display the Server Configuration Tool and log on if required.
- Expand the System Configuration branch of the tree-structure.
- Use the Security section to:
- Define the Default Security Settings for New User Accounts
- Configure the Super User Account
- Define Whether the Server Only Accepts Secure Connections
- Enable and Manage the Client Access Control List
The CACL is an additional security feature and distinct from the Access Control List (ACL) that is used to define the permissions for each object within the database, (see Understanding the Access Control List (ACL))
- Use the External Authentication section to define the External Authentication settings (if you are Using External Authentication with ClearSCADA).
- Use the Permission Restrictions section to restrict access to certain permissions (and the features to which they relate) as required (see Define whether any Permissions are Restricted).
The Permission Restrictions settings allow you to stop certain permissions from being available to every ViewX user, every WebX user, or every system user (ViewX and WebX users). The Permission Restrictions settings override the other security settings. For example, if the Configure permission is restricted for ViewX users and you log on to ViewX via a user account with Configuration settings, you will not be able to configure any database items as it is limited by the Permission Restrictions settings. To perform any action on your system, your user account needs the relevant permission (and the permission has to be unrestricted).