Read only Client in 800XA
Regardless of which ever user login to the system , only we can see the displays (Excluding the 800XA Service account)
If an Engineer login to this particular pc he will not able able to operate anything.
Membership of the Operators User Group may be synchronized with the Microsoft Windows Domain or Workgroup - but notice, this is no automated sync; addition and deletion of users in 800xA is still subject to manually finding it necessary, iterating and pressing the "Synchronize with Windows group" button for each user group, as often as so required. With a low frequency of changes, low count of users and groups, there is probably more overhead of using the 800xA user synchronization function than doing it manually.
"Synchronization" is an overstatement, it requires manual work and there is no hint when there is a need to perform sync. In practise, you might have to visit all 800xA user groups for each change to your Active Directory.
*) Per default, all members of the Operators group get the Operate Permission which is required to post an OPC Write order, hence a user not member of the Operators User Group is "readonly". A site admin may alter these settings, raising or lowering the threshold to obtain the key Operate Permission. There are several additional permissions, even custom permissions; but Operate is the lowest required to post a write in a default system.
The System 800xA Security Report aspect will gather (remember to press Update) all security related details to one place and permit to be copied to notepad, wordpad, etc.
[Admin Structure]Administrative Objects/Domains/ASCS11 System:Security Report
I believe another intuitive answer would be to utilize Smart Client, for a number of reasons. First the per seat cost for using this interface is much less than the per seat cost of an OWP, regardless of whether it is Read Only or not. Additionally nearly all components of PG2 Graphics are visible when these graphics are linked to Smart Client Panels. Note there are some exceptions. And finally, it offers a level of security between the 800xA Control System and the user that is logging in through their desktop PC.