Skip to main content

i4scada Knowledge Base

Managing Authorization Groups

Abstract

The i4scada Authorization Groups provide the Users with sets of permissions. This article covers all the information about Authorization Groups.

This article describes the Authorization Groups at the level of the i4scada Studio application.

Before working with the User Manager open i4scada Service Manager and start the i4scada Server:

i4SCADA_Server_running.jpg

i4scada Server running

Authorizations and permissions are organized in groups. For a user to have specific authorizations he must be assigned to an authorization group.

Authroization_groups_list.jpg

Authorization Groups panel

Authorization groups list is split up into the following columns:

  • Name - the name of the listed authorization group

  • Description - the description of the listed authorization group

  • Check access groups - shows if the Check access groups option is enabled or disabled, for the listed item.

  • Actions - this last column is an atypical one. In the Actions column, the actual user management actions are available. The available actions for a listed Authorization Group are: Clone Clone.jpg, Edit edit.jpg and Delete delete.jpg.

One can apply filters to the list columns and organize search actions. 

Further on, the Studio User Manager module offers the possibility to create, copy, edit and delete authorization groups.

In order to add new authorization groups, in Studio User Manager, a selection of the AutGr_add.jpgbutton is necessary. Selecting the Add button opens the Add dialog, where the following settings may be organized:

Add_Auth_Gr.jpg

Add new Authorization Group dialog

  • Name - The name of the Authorization group. The field is required.

  • Description - The custom description of the Authorization group. Allows the possibility to insert particular details about the Authorization group. 

  • Check Access groups - If the Check access groups button is checked, the user will be granted the authorization group permissions only if the access conditions specified in the access authorizations are met.

    If the Check access groups button is checked, the user will be granted the authorization group permissions only if the access conditions specified in the access authorizations are met.

  • Project Authorizations - The Project Authorizations field, features a multi select option that contains all entities available in the project database. This list also displays at the top right side, a select / unselect button.

    The project authorizations tab lists the authorizations granted to the selected Authorization group. More details upon Project Authorizations are available in the upcoming chapter of the present article.

  • System Authorizations - The System Authorizations field, features a multi select option that contains all entities available in the project database. This list also displays at the top right side, a select / unselect button.

    The System authorizations tab lists the authorizations granted to the selected Authorization group. i4scada System authorizations are preset authorizations that allow the administrator to establish access to the different i4scada components. The system authorizations cannot be changed or customized. Selecting is done from a list of predefined System Authorizations:

    • Alarm Configuration - allows the users in the current authorization group to configure the Alarms. 

    • Data table: Edit log values - allows the users in the current authorization group to edit the logged values in the WFDataTable control.

    • MessengerPro: Administrator - allows the users in the current authorization group to edit anything inside the web application.

    • MessengerPro: Login - allows the users in the current authorization group to login and view the web application objects.

    • Reporting Administration - allows the users in the current authorization group to edit anything inside the Reporting system.

    • SchedulerPro: Administrator - allows the users in the current authorization group to edit anything inside the web application.

    • SchedulerPro: Login - allows the users in the current authorization group to login and view the web application objects.

    • SchedulerPro: Service member - allows the users in the current authorization group to have full access to the locations that are associated with the authorization group.

    • SchedulerPro: Operator - allows the users in the current authorization group to edit most settings, but does not allow to add, edit or delete locations (objects).

    • Show User Related Filtering in OperationDiary - allows the user to filter the Operation Diary.

    • Signal Configuration - allows the users in the current authorization group to configure and manage project Signals. 

    • Server: Reset Reporting counter - allows the users in the current authorization group to write the WFSInternal_Reporting internal signal, which is used for resetting the current value of a signal log that is configured with the Counter Mean Value log condition.

    • Server: Set alarm status - allows the users in the current authorization group to write the WFSInternal_SetAlarmStates internal signal, which is used for changing the status of alarms.

    • Server: Set signal status - allows the users in the current authorization group to write the WFSInternal.Signal.Status, SignalName and internal signal, which is used for changing the status of its associated signal.

    • User Manager: Administrator - allows the users in the current authorization group to edit anything inside the User Manager.

    • User Manager: Login - allows the users in the current authorization group to view their own information in User Manager as well as other users in the same authorization group. The Guest user can also change his own password. No other functionality is available.

    • User Manager: Operator - allows the users in the current authorization group to edit, delete or change the passwords for the users within the same authorization group. The users with the Administrator role will not be visible. Other functionalities like creating, editing, or deleting authorization groups are not available.

  • Write groups - The Write groups field, features a multi select option that contains all entities available in the project database. This list also displays at the top right side, a select / unselect button.

    The write groups are virtual entities that correspond to both signals and users. When a signal is assigned to a writing group, the members of that write group have the right to write the value of the signal. The users who are not members of that write group will only be able to read the value of the signals that are assigned to the writing group. In consequence, in order to write the value of a signal, both the user and the signal must be assigned to the same write group.

    A user is a member of a write group when the write group is assigned to the authorization group that he belongs to.

  • Alarm Types - The Alarm types field, features a multi select option that contains all entities available in the project database. This list also displays at the top right side, a select / unselect button.

    The alarm types are virtual entities used to organize alarms of different types. The alarm groups are custom made. If an alarm group is selected, the members of the authorization group will receive only the alarms that are assigned to that alarm group.

  • Alarm Groups - The Alarm groups field, features a multi select option that contains all entities available in the project database. This list also displays at the top right side, a select / unselect button.

  • Access Groups - The Access Groups field, features a multi select option that contains all entities available in the project database. This list also displays at the top right side, a select / unselect button.

    The alarm groups are virtual entities used to organize alarms of different types. The alarm groups are custom made. If an alarm group is selected, the members of the authorization group will receive only the alarms that are assigned to that alarm group.

    The Access groups tab lists the groups in which the selected Authorization group is enabled. More details about Access groups are available under the upcoming chapter of the present article.

  • Scheduler locations - The Scheduler locations field, features a multi select option that contains all entities available in the project database. This list also displays at the top right side, a select / unselect button.

    The Access groups tab lists the groups in which the selected Authorization group is enabled. More details about Access groups are available under the upcoming chapter of the present article.

    The members of the group will only have access to the locations selected in the Scheduler locations tab. If no location is selected, the user will have access to all the available locations.

    The schedule locations are created in the SchedulerPro application

After filling in all desired information, the user can either Save or Cancel the previous action.

  • Save_button.jpg button - the dialog will be closed and the changes saved in the database, for future use. Saving a new Authorization group will consequently update the list, making the changes immediately visible. 

  • Cancel_button.jpg button - the dialog will be closed and the changes are discarded.

A simpler alternative to adding a new Authorization group, is by cloning an existing one. To clone an Authorization group, select the Clone.jpg button. Once button is

selected, the clone item dialog is opened. The name of the original item is copied and the suffix "_clone" is added by default. The Authorization group name can also be manually defined. 

AuthGr_Clone.jpg

Clone Authorization group

The clone dialog allows the user either to Confirm the clone or Cancel.

The existing Authorization Groups can be updated, by means of the Edit button edit.jpg. The Edit Authorization group dialog allows the user the possibility to change all fields enumerated in the above section Add new authorization groups of the present article. 

Edit_AuthGr.jpg

Edit Authorization groups

At the bottom of the Edit dialog, two options are available. The user can either Save or Cancel the changes. 

  • Save_button.jpg button - the dialog will be closed and the changes saved in the database, for future use. The Authorization groups changes shall be immediately applied to the concerning item. 

  • Cancel_button.jpg button - the dialog will be closed and changes will be discarded.

Deletion of an Authorization group is possible by clicking the Actions button delete.jpg, of the element to be removed. The system opens the Warning dialog, asking for confirmation.

Warning_deletion_dialog.jpg

Warning deletion dialog

The Warning dialog allows user to either Confirm deletion or Cancel the action:

  • Confirm_button.jpg button - the dialog will be closed and the deletion is performed. The deleted Authorization group is immediately removed from the list.

  • Cancel_button.jpg button - the dialog will be closed and changes are discarded.