Open topic with navigation

Create User Accounts from a User Pattern

Geo SCADA Expert User accounts can be created automatically as part of an External Authentication process if:

In order to provide the settings for automatically created User accounts, you have to create and configure at least one User Pattern in the database.

If required, you can create and configure multiple User Patterns. For example, you might create one User Pattern for operator-level users, and another User Pattern for engineer-level users. You configure each User Pattern to provide access to the features that are relevant to the type of user to which the User Pattern relates. In order for Geo SCADA Expert to make use of the User Pattern, you have to reference that User Pattern from a User Group (see Provide Settings for Automatic User Creation).

On Geo SCADA Expert systems that use User Patterns, most of the User accounts are maintained externally outside of Geo SCADA Expert (following the initial setup in Geo SCADA Expert). You need only create and configure User accounts (as opposed to User Patterns) directly in Geo SCADA Expert for those users for which the user accounts are not integrated with Windows or LDAP user profiles. For users whose accounts are maintained externally outside of Geo SCADA Expert, the User accounts are added automatically when the user first attempts to log on to Geo SCADA Expert, based on the settings of the relevant User Pattern.

 

To define the requirements of the new User accounts that Geo SCADA Expert might be triggered to create automatically:

  1. You use User Patterns to define the Geo SCADA Expert features to which the new User accounts have access
    (remember that a User Pattern might form the basis of multiple User accounts) (see Configuring User Pattern Settings).
  2. You associate each User Pattern with the relevant User Group (one that is configured to Allow Automatic User Creation and is associated with a Windows domain group or LDAP user group) (see Provide Settings for Automatic User Creation).
  3. You use settings on the User Group Form to specify the location at which Geo SCADA Expert places the new User accounts that it creates automatically based on the User Pattern (see the link above).
  4. You assign the relevant security permissions to the User Group. (These security permissions will also apply to the new User accounts that Geo SCADA Expert creates automatically based on the User Pattern with which the User Group is associated.) For more information, see Allocating Permissions to a User Group or User Account.
    NOTICE

    SECURITY THREAT

    On systems on which Geo SCADA Expert can Create users automatically from group membership, the incorrect assignment of security permissions on User Patterns and User Groups can compromise the security of the system. Always restrict the security permissions that are allocated to User Patterns, and to User Groups that are integrated with Windows domain groups or LDAP user groups. Only assign those permissions that are actually required, to help prevent the automatic creation of new user accounts that allow Windows or LDAP users to perform high-level tasks, such as shutting down the server.
    Failure to follow these instructions can result in equipment damage.
  5. If the new User accounts are also to be associated with other User Groups, assign the relevant security permissions to those other User Groups. (These security permissions will also apply to the new User accounts that Geo SCADA Expert creates automatically based on the User Pattern. The permissions apply in addition to those inherited from the User Group mentioned in step 4. For more information, see Understanding User Accounts.)

    If more than one User Group is configured to Provide Settings for Automatic User Creation, Geo SCADA Expert uses the settings of the User Group that is assigned the highest Priority for creating the new User accounts. You specify the Priority on the User Group Form (see the previous link).

When a new user attempts to log on to Geo SCADA Expert via ViewX or Virtual ViewX using user credentials for a user that exists in Windows domain or LDAP, but not in Geo SCADA Expert, a new user account will be added to Geo SCADA Expert automatically. In doing so, Geo SCADA Expert applies settings from the relevant User Group and User Pattern when creating the new User account. These settings determine the Geo SCADA Expert features to which the new user has access, the security permissions to which the user is assigned in Geo SCADA Expert, and so on.

Such a system setup enables network administrators to manage User accounts remotely, outside of Geo SCADA Expert.

(You need only create User accounts manually, directly in Geo SCADA Expert, for those users that are to log on using accounts that are not integrated with Windows or LDAP user profiles.)

Further Information

User Groups.

Associate a Geo SCADA Expert User Group with a Windows Domain Group or LDAP User Group.

Example Configuration.

Summary of Configuration Settings Relating to External Authentication.

Disclaimer

Geo SCADA Expert 2022

© 2022 AVEVA Group Plc.  All Rights Reserved.

The Schneider Electric industrial software business and AVEVA have merged to trade as AVEVA Group plc, a UK listed company. Schneider Electric, Life is On Schneider Electric and EcoStruxure are trademarks and the property of Schneider Electric SE and are being licensed to AVEVA by Schneider Electric.