Open topic with navigation

Overview of User Account Security

Geo SCADA Expert has two main security mechanisms: user account configuration and database item security permissions. Typically, each system user is allocated a user account. The features that are available to the user depend on the configuration of their user account and the security settings of the items in the database.

When a user accesses Geo SCADA Expert, they typically log on manually using a configured user account. (If a user attempts to access the system without logging on, they will be logged on as the Guest user (if available). The Guest user is one of the Built-In User Accounts.)

Virtual ViewX users have to use a configured user account to log on.

‘Configured’ user accounts are regarded as a more secure way of accessing your system as they require manual entry of a user name and password (see Configured User Accounts).

When a user logs on via a user account that is a 'member' of a User Group, that user is granted:

NOTICE

Security threat

On systems on which the 'Everyone' User Group is enabled, all User Accounts on the system automatically inherit the security permissions that are assigned to the 'Everyone' User Group, including the Guest user (which does not require a logon). Each user's security permissions comprise: Everyone permissions + User Group permissions + User Account permissions. To help avoid providing all users with unintended access to features and functionality that should be restricted, use configured User Groups rather than the 'Everyone' User Group. If the 'Everyone' User Group has to be used, it MUST be assigned the minimum permissions required, with access restricted where possible to just the relevant parts of the database. (On new installations, the built-in 'Everyone' User Group is inactive and is not assigned any security permissions by default.)
Failure to follow these instructions can result in equipment damage and a breach in system security.
ClosedRelationship between Features and Permissions

Example:

If you access the security settings for a Mimic, you can allocate the Configure permission to a user account or the User Group associated with the user account. The user of the account has the Configure permission that allows access to the Mimic configuration features. However, the user will only be able to configure the Mimic in ViewX if the user account also has the Configure Documents feature enabled.

To access ViewX features such as the configuration options, user accounts need to have the permissions for a database item and the relevant ViewX features enabled on their User Forms (see User Accounts).

User Groups and user accounts are only applicable if Security is enabled. You can enable Security by using the Server Configuration Tool (see Define Whether any Permissions are Restricted).

Disclaimer

Geo SCADA Expert 2022

© 2022 AVEVA Group Plc.  All Rights Reserved.

The Schneider Electric industrial software business and AVEVA have merged to trade as AVEVA Group plc, a UK listed company. Schneider Electric, Life is On Schneider Electric and EcoStruxure are trademarks and the property of Schneider Electric SE and are being licensed to AVEVA by Schneider Electric.