Read only Client in 800XA
Is there any option to have ready only client in 800XA ?
Regardless of which ever user login to the system , only we can see the displays (Excluding the 800XA Service account)
If an Engineer login to this particular pc he will not able able to operate anything.
Regardless of which ever user login to the system , only we can see the displays (Excluding the 800XA Service account)
If an Engineer login to this particular pc he will not able able to operate anything.
Asked 7 months ago
Answers
2
Add a security definition aspect there you deny the operate right for all users only on this machine:
![]()
/Erik
/Erik
0
HI!
Without knowledge of your system.
Make sure taht you synchronize your windows user (accounts/groups) with the 800xA system user groups.
Next step is to study the Administration & Security Manual (3BSE037410-xxx)
Without knowledge of your system.
Make sure taht you synchronize your windows user (accounts/groups) with the 800xA system user groups.
Next step is to study the Administration & Security Manual (3BSE037410-xxx)
Good luck!
Answered 7 months ago
0
Use Security Definition aspect for all the objects where graphic display aspects are present and then Deny Operate action for all the users except 800xAService, for all the nodes in that system. Please refer manual 3BSE037410 for more details. Hope this helps.
Answered 7 months ago
0
With default security settings*, operation requires membership of the Operators User Group in System 800xA.
Membership of the Operators User Group may be synchronized with the Microsoft Windows Domain or Workgroup - but notice, this is no automated sync; addition and deletion of users in 800xA is still subject to manually finding it necessary, iterating and pressing the "Synchronize with Windows group" button for each user group, as often as so required. With a low frequency of changes, low count of users and groups, there is probably more overhead of using the 800xA user synchronization function than doing it manually.
"Synchronization" is an overstatement, it requires manual work and there is no hint when there is a need to perform sync. In practise, you might have to visit all 800xA user groups for each change to your Active Directory.
*) Per default, all members of the Operators group get the Operate Permission which is required to post an OPC Write order, hence a user not member of the Operators User Group is "readonly". A site admin may alter these settings, raising or lowering the threshold to obtain the key Operate Permission. There are several additional permissions, even custom permissions; but Operate is the lowest required to post a write in a default system.
The System 800xA Security Report aspect will gather (remember to press Update) all security related details to one place and permit to be copied to notepad, wordpad, etc.
[Admin Structure]Administrative Objects/Domains/ASCS11 System:Security Report
Membership of the Operators User Group may be synchronized with the Microsoft Windows Domain or Workgroup - but notice, this is no automated sync; addition and deletion of users in 800xA is still subject to manually finding it necessary, iterating and pressing the "Synchronize with Windows group" button for each user group, as often as so required. With a low frequency of changes, low count of users and groups, there is probably more overhead of using the 800xA user synchronization function than doing it manually.
"Synchronization" is an overstatement, it requires manual work and there is no hint when there is a need to perform sync. In practise, you might have to visit all 800xA user groups for each change to your Active Directory.
*) Per default, all members of the Operators group get the Operate Permission which is required to post an OPC Write order, hence a user not member of the Operators User Group is "readonly". A site admin may alter these settings, raising or lowering the threshold to obtain the key Operate Permission. There are several additional permissions, even custom permissions; but Operate is the lowest required to post a write in a default system.
The System 800xA Security Report aspect will gather (remember to press Update) all security related details to one place and permit to be copied to notepad, wordpad, etc.
[Admin Structure]Administrative Objects/Domains/ASCS11 System:Security Report
1
Rajeesh,
I believe another intuitive answer would be to utilize Smart Client, for a number of reasons. First the per seat cost for using this interface is much less than the per seat cost of an OWP, regardless of whether it is Read Only or not. Additionally nearly all components of PG2 Graphics are visible when these graphics are linked to Smart Client Panels. Note there are some exceptions. And finally, it offers a level of security between the 800xA Control System and the user that is logging in through their desktop PC.
Regards,
Geof Ledin
I believe another intuitive answer would be to utilize Smart Client, for a number of reasons. First the per seat cost for using this interface is much less than the per seat cost of an OWP, regardless of whether it is Read Only or not. Additionally nearly all components of PG2 Graphics are visible when these graphics are linked to Smart Client Panels. Note there are some exceptions. And finally, it offers a level of security between the 800xA Control System and the user that is logging in through their desktop PC.
Regards,
Geof Ledin
Add new comment