User Group permissions in 800xA
- 800xA 5.1 Rev. D FP4 RU1
- Servers are on domain
- Physical servers
- Windows server 2008 R2 & Windows 7 Pro
Hello. I am having trouble understanding some of the user permissions for 800xA groups in the User Structure.
My user is set up to have all rights, but not a member of the "Administrators" group and the "Operators" group (my profile has "System Engineer" and "Application Engineer/Manager" Roles). I am also "Domain Admin"
1) As I understand the documentation [3BSE037410-510D, pg. 83], a member of the "System Engineers" group should be able to add/remove users. In our system I get an error message when trying to add new users (by using the "synchronize with windows"). I sync the "Everyone" group first, and the new user shows up. When I click "apply" I only get "Operation failed to execute! [error] Access is denied. [Aspect] user Structure..." When I do the same operation as an 800xA "Administrator" it is working. The "Security Definition Aspect" in "Admin Structure" doesn't seem to be indicating anything should be disallowed either.
2) Performing RTA Upload from MB300 controllers might be a related issue. It has to be performed as 800xA "Administrator" member to work 100% correctly.
Have I misunderstood the documentation, and is there any way to check these permissions in the 800xA configuration? The settings are not changed in the System Configuration Console -> Security -> Default Security. My user only lacks the "Break Reservation", "Grab responsibility", "Operate", "PLCC Limiter", "Refresh" and "Release Responsibility" permissions
Voted best answer
You need to be 800xA Administrator to configure users. If you do not want to do that, you can customize so that user has following permissions enabled.
"Modify / Administrate"
In general, if you need to know the user rights required to use an aspect, right click on the aspect, go to details, Permissions tab.