Topic 11.1.1: Security System Overview
- Security System Overview
- The Security System provides a high level of protection for all recipe and batch management applications, functions, operator stations, and products.
- The system is designed to be open and completely configurable. External applications can easily be interfaced to the system.
- The Security System consists of the Security Editor, Security Manager, and a Security Application Program Interface (API).
- The Security Editor is used to edit the system security configuration. All of the InBatch applications and functions are provided with the system. These include:
- Overall Security System Operation.
- Define User Accounts.
- Assign Recipe Access.
- Define Security Roles.
- Define Applications and Associated Functions.
- Security Modes: You can select from the following three modes of security:
- Standard
- Operating System
- ArchestrA
- Using Standard Mode Security
- When you use Standard mode security, you must create a list of valid users.
- Standard mode is the default when you install InBatch. In Standard mode, the Windows security check is not performed. Instead, the information is sent directly to the Security Manager.
- Using Operating System Mode Security
- When you use Operating System mode security, you can select from a list of configured users on the system.
- For Operating System mode, a domain or local computer name is also required. The information is compiled into a security request message and sent to either the Windows Security API or the Security Manager depending on which mode is active.
- In Operating System mode, a temporary logon using the passed User ID results in either pass or fail access.
- If access is permitted, a list of all groups that contain the User ID is returned. This information is then sent to the Security Manager along with the application name (and function name if applicable), the operator station from where the request was made, and if applicable, the recipe identification code.
- The Security Manager compares the security request with the information defined in the security database and returns either an OK or not OK result to the application making the request. The application acts on the result accordingly.
- Using ArchestrA Mode Security
- You can use the ArchestrA security mode when the InBatch solution is integrated with Wonderware Application Server. For ArchestrA mode, you can reuse users and groups defined in the ArchestrA security configuration.
- When you use ArchestrA mode, you can select users or groups from the Wonderware Application Server security configuration. InBatch authenticates users against Wonderware Application Server at run time.
- Working with Security Roles
- You can add, delete, and change security roles in the system. Security roles typically define an employee’s job function, such as Operator, Supervisor, Lab Technician, Mixer Operator, Boiler Operator, or Control Engineer.
- Security role names are verified to ensure uniqueness. You can add new security roles to the security system at any time. You can assign as many security roles as you need.
- Working with Operator Station Security
- You can add, delete, and change operator stations in the system. You can add new operator stations to the security system at any time. The number of stations that you can define is unlimited.
- Working with User or Group Accounts
- You can add, delete, and change users in the system. User account names are verified to ensure uniqueness. You can add new users to the security system at any time. The number of user accounts that you can define is unlimited.
- Working with User Accounts in Standard Mode
- This section describes how to work with user account information in Standard mode. You must add all users manually. The Browse function is not available.
- Working with User and Group Accounts in Operating System Mode
- If you are using Operating System security mode, you can use either individual users or user groups.
- Working with User and Group Accounts in ArchestrA Mode
- If you are using ArchestrA security mode, your choices are limited by the ArchestrA security settings that are already configured. You must know which ArchestrA security mode is being used:
- Galaxy (user-level only)
- OS Users
- OS Groups
- Assigning Operator Station Access to a User or a Group
- You can assign access to specific operator stations to users or groups. You can assign as many operator stations to a user or group as required.
- If you do not want an operator or group to have access to an operator station, you do not have to grant it.
- Operator station assignments prevent operators from working at stations for which they have not been trained or to which they should not have access.
- Assigning Security to Applications or Functions
- Use the Applications-Functions Editor to do the following:
- Add, delete, and change applications
- Add, delete, or change functions defined for an application
- Assign security roles that restrict access to an application
- Assign security roles required for the Done-By and Check-By functions
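The request check described above (user and groups, application and function, operator station, recipe), as a simplified Python model. This is an added example, not InBatch code or its API: the table layout, all names, the refuse-unless-granted rule and the per-user-or-group recipe assignment are assumptions, and `groups` stands for the group list returned by the Operating System mode logon.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

@dataclass(frozen=True)
class SecurityRequest:
    user: str
    groups: FrozenSet[str]      # groups returned by the OS logon step
    application: str
    function: Optional[str]     # None for an application-level request
    station: str                # operator station the request came from
    recipe: Optional[str] = None

# Constructed security database; principals are user or group names.
ROLES = {"jsmith": {"Operator"}, "PLANT\\Supervisors": {"Supervisor"}}
STATIONS = {"jsmith": {"Mixer1"}, "PLANT\\Supervisors": {"Mixer1", "Lab"}}
RECIPES = {"jsmith": {"R-100"}, "PLANT\\Supervisors": {"R-100", "R-200"}}
REQUIRED_ROLES = {
    ("BatchView", None): {"Operator", "Supervisor"},
    ("BatchView", "AbortBatch"): {"Supervisor"},
}

def _granted(table, principals):
    """Union of everything the table grants to any of the principals."""
    return set().union(*(table.get(p, set()) for p in principals))

def check(req):
    """Return (ok, reason); anything not explicitly granted is refused."""
    principals = {req.user} | req.groups
    if req.station not in _granted(STATIONS, principals):
        return False, "station not assigned"
    required = REQUIRED_ROLES.get((req.application, req.function))
    if required is None:
        return False, "unknown application or function"
    if not required & _granted(ROLES, principals):
        return False, "missing security role"
    if req.recipe is not None and req.recipe not in _granted(RECIPES, principals):
        return False, "recipe not assigned"
    return True, "OK"
```

The reason string is there for audit logging in the model; the page only states that the Security Manager returns OK or not OK.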
Last modified: Thursday, 7 May 2020, 2:02 PM