Define the Security Settings for a User

The Inactivity Logout property described in this topic applies both to User Forms and User Pattern Forms. The rest of the properties described in this topic apply only to User Forms of User Accounts that are managed directly in Geo SCADA Expert. With User Accounts that are associated with Windows or LDAP User Profiles, password management is performed via the relevant Windows domain or LDAP server.

(User Patterns only apply to systems on which Geo SCADA Expert can create new User accounts automatically as part of an External Authentication process. For more information, see Create User Accounts from a User Pattern.)

User Forms and User Pattern Forms include a Security tab if the Allow Per-User Configuration feature is enabled in the server configuration (see Define the Default Security Settings for New User Accounts). With User Accounts that are managed directly in Geo SCADA Expert, you can use the Security tab to override the server default settings on a per-user basis. If you have many similar types of users, we recommend that you use the server default security settings (see Define the Default Security Settings for New User Accounts).

To define the security settings for a user account that is managed directly in Geo SCADA Expert:

  1. Display the User Form.

    If the default server security settings are set to allow per-user configuration (see Define the Default Security Settings for New User Accounts), the User Form contains a Security tab. This tab is automatically included if the server security is not configured. You can use the Security tab to define security settings for the individual user account, providing that the user account is managed directly in Geo SCADA Expert, rather than via an associated Windows or LDAP User Profile.

  2. Select the Security tab. This tab is only available if the Allow Per-User Configuration feature is enabled in the server configuration (see Define the Default Security Settings for New User Accounts).

  3. Define the security settings as follows:

    Enabled

    Select this check box to enable the security features for the user account. If you enable the security settings for the User, you will be able to apply specific security settings to the user account you are currently configuring and override the default server security settings.

    (When you select this check box on User Pattern Forms, only the Inactivity Logout field becomes available for use on the tab (see below). The rest of the properties on the Security tab remain 'grayed out' on User Pattern Forms, as the other security settings are handled outside of Geo SCADA Expert for externally authenticated users.)

    Minimum Password Length

    Define the least number of characters permitted in a password for this user account.

    Minimum Password Strength

    Choose the password strength. The password strength determines which characters are required in the password:

    • Weak—The password can contain any characters.
    • Medium—The password has to contain a combination of upper and lower case characters.
    • Strong—The password has to contain a combination of upper and lower case characters and digits.
    • Very Strong—The password has to contain a combination of upper and lower case characters, digits, and punctuation characters such as commas.

    Clear the Enabled check box to disable the security features for the user account. If you disable the security features, the user account will use the default security settings that are applied at the server (see Define the Default Security Settings for New User Accounts).

    Allowed Failed Logons

    Define the number of log on attempts that are permitted. If the user does not enter the correct Username and Password within the defined number of attempts, the system will disable the user account. The user will be unable to log on via the account until a system administrator has re-enabled the user account (see Enable or Disable a User Account).

    Delayed Lockout

    Select this check box to enable Geo SCADA Expert to disable the user account temporarily for the duration defined in the Delayed Lockout Duration field. Geo SCADA Expert will do this if the user does not enter the correct Username and Password within the number of attempts defined in the Delayed Lockout Logons field.

    Delayed Lockout Logons

    Define the number of log on attempts that are permitted if the Delayed Lockout feature is enabled. If the user does not enter the correct Username and Password within the defined number of attempts, the system will disable the relevant user account for the duration defined in the Delayed Lockout Duration field.

    Specify a value that is smaller than that specified for the number of Allowed Failed Logons.

    Delayed Lockout Duration

    Define the duration of time that the user account is disabled if the Delayed Lockout feature is enabled.

    Enter the required interval in the OPC Time Format. You can enter the value directly in the field, or use the Interval window (accessed via the field's browse button) to specify the required value. For example, enter 30S to disable the account for 30 seconds.

    Password Dictionary Size

    Define the number of passwords that are stored in the password dictionary.

    When you create a password, it is stored in the password dictionary. When the Password Expires After time has elapsed, you need to enter a new password. The new password cannot be the same as any of the passwords in the password dictionary.

    Must Have Password

    Define whether the user account requires a password. If you select the check box, the user account has to have a password; if you clear it, the user account does not need a password.

    Can Change Password

    Define whether the user of the user account can change their own password. If you select the check box, the user will be able to alter their own password via the Change Password action. (For more information, see Change your Password via ViewX in the Geo SCADA Expert Guide to ViewX and Virtual ViewX Clients.)

    Password Expires After

    Define the valid duration of a password. When the amount of time that you define has passed, a new password has to be configured for the user account. This feature is designed to provide additional security by making users change passwords regularly.

    Enter the required interval in the OPC Time Format. You can enter the value directly in the field, or use the Interval window (accessed via the field's browse button) to specify the required value. For example, enter 4W for 4 weeks.

    Example:

    If Password Dictionary Size is set to 3, the password dictionary stores the previous three passwords.

    If Password Expires After is set to 10 days, each password expires after 10 days.

    Password Expiration Warning Days

    Specify the number of days' warning that the user is given in advance of their current password expiring. Once this limit is reached, Geo SCADA Expert generates a diagnostic message whenever the user logs on, informing the user of the number of days that remain until their password expires. The diagnostic message appears in the Messages Window. The user is prompted to change their password before the expiration date occurs.

    Inactivity Logout

    Define the amount of time that the user can remain logged on via the user account, but be inactive. If the user does not interact with the system within the defined time, the user session expires. When this happens, the Geo SCADA Expert displays that are open on that ViewX client are hidden from view until the user confirms their password in order to continue their session (see Session Expiry due to User Inactivity). Virtual ViewX users are logged out of their sessions and returned to the login page. This feature is designed to prevent clients that are unmanned for an extended period of time from being accessed by unauthorized users.

    Enter the required interval in the OPC Time Format. You can enter the value directly in the field, or use the Interval window (accessed via the field's browse button) to specify the required value. For example, enter 10M for 10 minutes. The time period you define begins when a user logs on via the user account.

    For more information about the Inactivity Logout property and how it is used in conjunction with other Inactivity properties, see Define the Default Security Settings for New User Accounts.

    If the Allow Per-User Configuration feature is disabled on the server, User Accounts and User Pattern Forms will not include a Security tab. With such a setup, both new and existing User Accounts will inherit the Inactivity Logout period that is specified on the server (see Define the Default Security Settings for New User Accounts). This includes User Accounts that are created from User Patterns.
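
The password rules above (Minimum Password Length, Minimum Password Strength, Password Dictionary Size) and the requirement that Delayed Lockout Logons be smaller than Allowed Failed Logons can be checked as in the following sketch. It is an added example, not Geo SCADA Expert code or its API; the function names, dictionary keys, sample values, and the reading of "punctuation" as ASCII punctuation are assumptions.

```python
import string
from collections import deque

LEVELS = ["Weak", "Medium", "Strong", "Very Strong"]  # order as listed above

def strength(password):
    """Return the highest strength level, as defined above, that the password meets."""
    mixed = any(c.isupper() for c in password) and any(c.islower() for c in password)
    digit = any(c.isdigit() for c in password)
    # Assumption: "punctuation characters" means ASCII punctuation.
    punct = any(c in string.punctuation for c in password)
    if not mixed:
        return "Weak"
    if not digit:
        return "Medium"
    return "Very Strong" if punct else "Strong"

def lint_policy(policy):
    """Return problems found in a per-user policy (dict keys are hypothetical)."""
    problems = []
    if (policy["delayed_lockout"]
            and policy["delayed_lockout_logons"] >= policy["allowed_failed_logons"]):
        problems.append("Delayed Lockout Logons must be smaller than Allowed Failed Logons")
    return problems

def check_new_password(password, policy, dictionary):
    """Return the reasons a new password is rejected; an empty list means accepted."""
    reasons = []
    if len(password) < policy["min_length"]:
        reasons.append("too short")
    if LEVELS.index(strength(password)) < LEVELS.index(policy["min_strength"]):
        reasons.append("below " + policy["min_strength"])
    if password in dictionary:
        reasons.append("in password dictionary")
    return reasons

# Constructed sample values, not taken from a real system.
SAMPLE_POLICY = {"min_length": 10, "min_strength": "Strong", "allowed_failed_logons": 5,
                 "delayed_lockout": True, "delayed_lockout_logons": 3}
# Password Dictionary Size = 3. Plaintext is used only to keep the sketch short.
SAMPLE_DICTIONARY = deque(["Pump7Station", "Valve9Control", "Tank3Levels"], maxlen=3)

if __name__ == "__main__":
    for candidate in ("Pump7", "PumpStation", "Pump7Station", "Reservoir2Gate"):
        print(candidate, strength(candidate),
              check_new_password(candidate, SAMPLE_POLICY, SAMPLE_DICTIONARY))
    print(lint_policy(dict(SAMPLE_POLICY, delayed_lockout_logons=5)))
```

Because the dictionary holds only three entries, appending a fourth password evicts the oldest one, which then becomes reusable.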


Geo SCADA Expert 2022