Define Whether any Permissions are Restricted

You use the Permission Restrictions settings on the Server Configuration Tool to control access on a server-wide basis. For example, you can remove the Acknowledge Alarms permission for every client that is connected to the server.

The Permission Restrictions settings are grouped as follows:

• Server Denied Permissions—The permissions in this group apply to every client that is connected to the server (ViewX clients, Virtual ViewX clients, Original WebX clients, the Automation interface, and so on).
• ViewX User Denied Permissions—The permissions in this group only apply to ViewX clients that are connected to the server.
• Virtual ViewX User Denied Permissions—The permissions in this group apply to Virtual ViewX clients only when the Virtual ViewX server is running in Full Virtual ViewX mode.
• WebX/Operator ViewX User Denied Permissions—The permissions in this group only apply to Virtual ViewX and Original WebX clients that are connected to the server and when the Virtual ViewX server is running in Limited Virtual ViewX/Operator mode. Any changes you make will not affect ViewX clients, the Automation interface, and so on.
• Standard Pick Menu Denied Permissions—The permissions in this group apply to the options in the standard pick action menu for database items. They apply to the standard pick action menu on ViewX and Virtual ViewX. However, the permissions only apply to the standard pick menu options; they have no effect on custom pick action menu options or server methods called from scripts.

The main advantages of using the Permission Restrictions settings are that they allow you to:

• Deny permissions to all users or to all ViewX and/or Virtual ViewX users that are connected to Geo SCADA Expert via the server, without having to alter the configuration of their individual user accounts.
• Specify different types of access according to the type of interface being used. In ViewX, the configuration of a user's user account defines which features are available to that user in both ViewX and Virtual ViewX.
• Deny access to the various standard pick action menu options for each of the client interfaces. For example, if you want all Virtual ViewX and Original WebX users to be unable to acknowledge alarms, you can use the Permission Restrictions settings to remove the Acknowledge Alarms permission for all WebX/Operator ViewX users, irrespective of the permissions allocated to their individual user account.

We recommend that you assess which permission restrictions are appropriate for each server, based on its role in your system and the system's operational requirements, and then configure the required restrictions accordingly.

To configure the Permission Restrictions settings:

1. Access the Geo SCADA Expert Server Configuration Tool.
2. Expand the required system and node.
3. Expand the System Configuration branch.
4. Select the Permission Restrictions entry. 

   On a Permanent Standby server, only configure these settings if they are not inherited from the Permanent Standby Permission Restrictions settings on the Main server.

   The settings will be inherited if, in the Partners section on the Main server, the Enabled check box is selected in the Permission Restrictions section of the Permanent Standby tab for the Permanent Standby server. For more information, see Specify Whether a Permanent Standby Server Inherits its Permission Restriction Settings and see Permanent Standby Permission Restrictions Tab.

5. In the Server Denied Permissions section, select the check boxes for those permissions that are to be denied on each type of client that accesses the system via the server, including ViewX and Virtual ViewX clients, and Original WebX clients. Features that are denied in this section do not appear in the security properties for any item in the database. By default on new installations, four permissions are restricted via the Server Denied Permissions section of the tool (Unacknowledge Alarms, Assign Alarm Responsibility, Off/On Scan, and Cancel Request). Depending on the role of the installed server, these restrictions may, or may not, be appropriate. For example, it is likely that you may want to remove the 'Cancel Request' restriction from those servers that might go Main, but leave it in place for Permanent Standby servers.

   For improved security, we recommend that you restrict other permissions in accordance with your operational requirements. However, take care when denying permissions in this section, as you may accidentally prevent users from being able to work with your Geo SCADA Expert system.

   

6. In the ViewX User Denied Permissions section, select the check boxes for those permissions that are to be denied on ViewX clients that are connected to the server. For example, if you select the Exclusive Control permission, ViewX users will be unable to access the Exclusive Control features, even if their user accounts allow them to use Exclusive Control features.

   

7. In the Virtual ViewX User Denied Permissions section, select the check boxes for those permissions that are to be denied on Virtual ViewX clients that are connected to the server. This section only applies when the Virtual ViewX server is running in Full Virtual ViewX mode (see Mode of Operation of a Virtual ViewX Server). When running in this mode, users with the relevant permissions and access can make database configuration changes using Virtual ViewX clients (see Differences Between the Virtual ViewX Client and ViewX).

   

8. In the WebX/Operator ViewX User Denied Permissions section, select the check boxes for those permissions that are to be denied on Virtual ViewX and Original WebX clients that are connected to the server. These permissions only apply to Virtual ViewX clients when the Virtual ViewX server is running in Limited Virtual ViewX/Operator mode (see Mode of Operation of a Virtual ViewX Server).

   NOTE: Certain features are not available in Original WebX. If you select the Control permission, Original WebX users will be unable to issue controls even if their user accounts allow them to issue controls (see Configuring Security and Connection Settings for Original WebX Clients).

   

9. In the Standard Pick Menu Denied Permissions section, select the check boxes for those permissions that are to be denied for standard pick action menu options. The permissions you select will affect the standard pick action menu on ViewX and Virtual ViewX clients that are connected to the server. For example, if you select the Acknowledge Alarms permission, the Acknowledge Alarms action will be unavailable via the standard pick action menu on both ViewX and Virtual ViewX.

   

10. When you have completed the required sections, right-click on the system icon in the Server Configuration Tool and select the Apply Changes option from the context-sensitive menu.
11. Restart the server.
12. Repeat this procedure for each system as required.