Open topic with navigation

Understanding User Accounts

User accounts are designed to help protect your system from unauthorized access and to restrict the features that are available to different users. For example, you can configure a user account so that it allows the user of that account to view alarms but does not allow them to interact with the alarms.


When you first install Geo SCADA Expert, you can only logon to the client using the Super User Account. You then need to configure a system administrator-level user account with full permission to configure the database, including user accounts. Once you have created such a user account, you should disable the Super User account.

When you start ViewX the system automatically uses the Guest user account (see Built-In User Accounts). By default the Guest user account does not have any permissions and cannot access the database. You need a valid user account to logon and access the contents of the database. Virtual ViewX users must use a configured user account to log on.

If you access Original WebX without logging on, you use the Web user account.

As you set up your system security, you will create ‘authenticated’ user accounts, which are referred to as Configured User Accounts. Typically, you will need to create an ‘authenticated’ user account for each user. The exception to this is a system that is configured to enable Geo SCADA Expert to Create users automatically from group membership. With such a system, when a new user attempts to log on to Geo SCADA Expert via ViewX or Virtual ViewX using user credentials for a user that exists in Windows or LDAP, but not in Geo SCADA Expert, a new user account is added to Geo SCADA Expert automatically. To enable this, you use a special type of User account called a User Pattern, to define the settings that apply to the new User accounts that Geo SCADA Expert might be triggered to create automatically. For more information, see Create User Accounts from a User Pattern.

 

Every item in the database has its own security settings. By configuring the security settings, you can control which user accounts have access to the various features of a database item (or group of database items if you configure the security settings of a Group). You do this by granting ‘permissions’ to each user account as required. For example, you could configure the security settings of a point so that one user account has the permissions required to configure the point and respond to its alarms, whereas another user account only has the permissions to view the point. You can find out more about the various permissions in Allocating Security Permissions.

You can grant each user account its own permissions for each individual database item, or group of database items. By default, if a user account has the permissions for a Group item, it also has the same permissions for the items within that Group. However, you can reconfigure the security settings for items in the Group so that access is restricted as required.

You can also associate a user account with a User Group. When a user account is part of a User Group, it means the user of that account is granted the permissions of the user account and the permissions of the User Group (see Understanding User Groups).

When you first install Geo SCADA Expert, the only User Group that exists is the ‘Everyone’ User Group, which is a built-in User Group (see Built-In User Groups). No matter which user account you use to access Geo SCADA Expert, you are automatically given the permissions that have been allocated to the ‘Everyone’ User Group.

When a user interacts with ViewX or Virtual ViewX, Geo SCADA Expert assesses the user account that is being used to determine which features and items are available to that user:

You can also restrict access to certain features via the User Form for each user account. Changing the configuration of a user account does not affect the permissions, but can stop a user from being able to access certain features from ViewX or Virtual ViewX (even if they do have the necessary permissions).

In ViewX or Virtual ViewX, you can only access a feature for an item if you are logged on via a user account that provides access to the feature and has the relevant permission for the required item.

NOTICE

Security threat

On systems on which the 'Everyone' User Group is enabled, all User Accounts on the system automatically inherit the security permissions that are assigned to the 'Everyone' User Group, including the Guest user (which does not require a logon). Each user's security permissions comprise: Everyone permissions + User Group permissions + User Account permissions. To help avoid providing all users with unintended access to features and functionality that should be restricted, use configured User Groups rather than the 'Everyone' User Group. If the 'Everyone' User Group has to be used, it MUST be assigned the minimum permissions required, with access restricted where possible to just the relevant parts of the database. (On new installations, the built-in 'Everyone' User Group is inactive and is not assigned any security permissions by default.)
Failure to follow these instructions can result in equipment damage and a breach in system security.

Further Information

Organize your Users and User Groups.

Disclaimer

Geo SCADA Expert 2022

© 2022 AVEVA Group Plc.  All Rights Reserved.

The Schneider Electric industrial software business and AVEVA have merged to trade as AVEVA Group plc, a UK listed company. Schneider Electric, Life is On Schneider Electric and EcoStruxure are trademarks and the property of Schneider Electric SE and are being licensed to AVEVA by Schneider Electric.