Use Server Side Permission Restrictions

You use the Permission Restrictions section of the Server Configuration Tool as a means of restricting access to the system on a per server basis. You can then restrict access to other features and/or database items on a per User Group, or individual User, basis, if required.

You use the Permission Restrictions settings to deny certain permissions at one of four different levels:

By restricting access to permissions on a server-wide basis in this way, you can make your system more secure by limiting which features are available to clients that connect to ClearSCADA via specific server(s).

 

You may decide that you want your users to be able to issue a control when they log on via ViewX, but not when they log on via WebX. To enforce this, you would clear the Control check box in the ViewX User Denied Permissions settings and select the Control check box in the WebX User Denied Permissions settings.

To use the server side permission restrictions effectively, you need to consider the working procedures of your operators, engineers and administrators. Taking into account their expected duties, you can restrict their access so that when they log on they can only access the features they need.

By default on new installations, four permissions are restricted via the Server Denied Permissions section of the tool (Unacknowledge Alarms, Assign Alarm Responsibility, Off/On Scan, and Cancel Request). Depending on the role of the installed server, these and other restrictions may, or may not, be appropriate. We recommend that you assess which permission restrictions are appropriate for each server, based on its role in your system and the system's operational requirements, and then configure the required restrictions accordingly. For example, it is likely that you may want to remove the 'Cancel Request' restriction from those servers that might go Main, but leave it in place for Permanent Standby servers.

Remember that the settings that you apply using the Server Configuration Tool only apply to the server on which you have configured those settings. On a multi-server system, you also need to apply similar settings to the other servers on the system (taking into account the different roles of those servers, and your system's operational requirements).

For more information on configuring the server side permission restrictions, see Define whether any Permissions are Restricted. For information about the permissions themselves, see Permissions for Database Items.

Further Information

Organize your Users and User Groups.

Allocating Permissions to a User Group or User Account.


Disclaimer

ClearSCADA 2017 R2