How to configure security settings to restrict Safety Operator Role?HI
For the scope of our requirment, I need to configure 2 seperate operator groups(Normal Operators, Safety Operators).
Normal Operator has the Operator role only. I am using the standard operators groups.
Safety Operator has the Safety Operator role only. I have made my own group for this.
Lets take into account a simple object that I will be using (SignalRealM).
The normal Operator shold not be able to force the values of the object. I have sucesffuly done this for the Normal Operator by making my own permission and then using the property override aspect in the object type structure to deny the normal operator the forcing functionality.
However, as part of our requirement the Safety Operator should not be able to force the paramters of this objects instances too as it does not fall under his jurisdication(DCS object). I did not give the safety operator the permission i made but it is somehow getting overriden. He can still force values for this object instances.
Could you please shed some light as to what may be the property that is allowing the Safety Operator to still force values?
Voted best answer
1. Enable AuditTrail_OperatorAction (no license is required)
2. Monitor the audit while a safety operator forces a signal (which he should not be allowed to)
3. Notice the OPC write posted when forcing (SomeRealIOVariable.Forced = TRUE)
4. Review the permissions set on this object and property.
A permission with an asterix (*) suffix is undefined in the object type and the System 800xA factory default "Operate" permission has been assumed.
5. Correct permission on type (if library is open) or using property attribute override on type or instance level.
If object level permission is unexpectedly too high, use the right click -> Details... Permission (tab) and Explain.. button to find from where the Allow is in effect.