WFUserManager Authorization Groups
Authorization Groups
Authorizations and permissions are organized in groups. For an user to have specific authorizations he must be assigned to an authorization group.
The Authorization Groups section of the User Manager
The User Manager offers the possibility to create, delete and manage authorization groups.
To create a new group, click the New button in the top bar.
To delete an existing group, click the Delete button in the top bar.
To manage an existing group, select the desired group from the grid panel. The settings of the selected group are displayed in the settings panel.
The general settings of an authorization group are listed in the top-right panel (Name, Description and Check access groups), while the authorization members of the group in the bottom part.
Authorization group general settings and authorization members
If the Check access groups button is checked, the user will be granted the authorization group permissions only if the access conditions specified in the access authorizations are met.
While the general settings of the authorization groups are straightforward, the authorization members settings are more complex. Therefore, each tab will be described with details.
Write groups
The write groups are virtual entities that correspond to both signals and users. When a signal is assigned to a write group, the members of that write group have the rights to write the value of signal. The users who are not members of that write group will only be able to read the value of the signals that are assigned to the write group. In consequence, in order to write the value of a signal, both the user and the signal must be assigned to the same write group.
A user is member of a write group when the write group is assigned to the authorization group that he belongs to.
Alarm types
The alarm types tab lists the types of alarms that the members of the authorization group can receive and handle. If an alarm type is selected, the users assigned to the current authorization group will have access to the alarms of that type.
Alarm Groups
The alarm groups are virtual entities used to organize alarms of different types. The alarm groups are custom made. If an alarm group is selected, the members of the authorization group will receive only the alarms that are assigned to that alarm group.
Project authorization
Project authorizations are custom virtual authorization entities that allow the customization of authorizations. The project authorizations can be created depending on the projects needs.
The project authorizations are used in managing control behaviors: a control can be set up to be displayed if a user is a member of an authorization group that has a specific project authorization, or to be hidden if the authorization group that the user is part of does not have that specific project authorization.
To create a project authorizations, navigate to the dedicated section of the User Manager using the top bar navigation drop-down.
System authorization
System authorizations are preset authorizations that allow the administrator to establish the access to the different WEBfactory 2010 system components. The system authorizations cannot be changed or customized (Use Project authorizations for custom authorizations).
The list of system authorizations:
Data table: Edit log values - allows the users in the current authorization group to edit the logged values in the WFDataTable control.
MaintenancePro: Allow export to Database - allows the users in the current authorization group to export data from MaintenancePro to the database.
MaintenancePro: Allow import from Database - allows the users in the current authorization group to import data from the database to MaintenancePro.
MaintenancePro: Use Configuration - allows the users in the current authorization group to view and edit the configuration objects.
MaintenancePro: Use Manager - allows the users in the current authorization group to view and edit the planning, but not configure the rest of the objects.
MaintenancePro: View Configuration - allows the users in the current authorization group to view the configuration objects, but not the planning.
MaintenancePro: View Manager - allows the users in the current authorization group to view the inspection assignments.
MessengerPro: Administrator - allows the users in the current authorization group to edit anything inside the web application.
MessengerPro: Guest - allows the users in the current authorization group to view the web application objects.
ScenarioManagerPro: Administrator - allows the users in the current authorization group to edit anything inside the web application.
ScenarioManagerPro: Guest - allows the users in the current authorization group to view the web application objects.
ScenarioManagerPro: User - allows the users in the current authorization group to edit most settings but does not allow to add, edit or delete locations.
SchedulerPro: Administrator - allows the users in the current authorization group to edit anything inside the web application.
SchedulerPro: Guest - allows the users in the current authorization group to view the web application objects.
SchedulerPro: Service member - allows the users in the current authorization group to have full access to the locations that are associated with the authorization group.
SchedulerPro: User - allows the users in the current authorization group to edit most settings, but does not allow to add, edit or delete locations (objects).
Server: Reset Reporting counter - allows the users in the current authorization group to write the WFSInternal_Reporting internal signal, which is used for resetting the current value of a signal log that is configured with the Counter Mean Value log condition.
Server: Set alarm status - allows the users in the current authorization group to write the WFSInternal_SetAlarmStates internal signal, which is used for changing the status of alarms.
Server: Set signal status - allows the users in the current authorization group to write the WFSInternal.Signal.Status.<SignalName> internal signal, which is used for changing the status of its associated signal.
User Manager: Administrator - allows the users in the current authorization group to edit anything inside the User Manager.
User Manager: Guest - allows the users in the current authorization group to view his own information in User Manager as well as other users in the same authorization group. The Guest user can also change his own password. No other functionality is available.
User Manager: User - allows the users in the current authorization group to edit, delete or change the passwords for the users within the same authorization group. The users with Administrator role will not be visible. Other functionality like creating, editing or deleting authorization groups are not available.
VPlant: Administrator
VPlant: Guest
VPlant: User
Access groups
The access groups tab provides the option of assigning access authorizations to the authorization group. Access authorizations restrict the location from where the system can be accessed.
Access authorizations are grouped in access groups.
The access authorizations are defined in the User Manager. To set up the access authorization, navigate to the dedicated section using the top bar navigation drop-down.
Acess authorizations section
To set up access authorizations, create a new authorization and set the details in the right panel.
The access authorization has two access methods:
Access via computer name - uses the computer name of the user to validate the access;
Access via IP address - uses the IP of the user to validate the acccess.
Once the access authorizations are a defined, they can be assigned to access groups. Any number of access authorizations can be assigned to an access group.
Access groups section
Custom access combinations can be created using the access groups. Only the access groups can be assigned to authorization groups.
Scheduler locations
Scheduler locations tab allows the administrator to assign a location defined in SchedulerPro to the authorization group.
The Scheduler locations tab in User Manager
The members of the group will only have access to the locations selected in the Scheduler locations tab. If no location is selected, the user will have access to all the available locations.
The schedule locations are created in the SchedulerPro application.