Security (Users and Roles)



Introduction to the Security Module

The Security Module ensures the safety and integrity of your projects.

Some of the key features include:

  • Managing user access, roles, and permissions.
  • Controlling who can access, view, and modify solution components.
  • Controlling who can manage runtime user interactions with displays and actions.

This module also supports integration with external user authentication systems, such as Active Directory (AD) and LDAP, to streamline user management across your organization. It also implements the technical requirements for critical infrastructures and regulated process automation, including FDA 21 CFR Part 11.

In this chapter, we will explore the key concepts and terminologies related to the Security module, its configuration process, and the application of security measures in your projects. By the end of this chapter, you will have a solid understanding of how to effectively manage users, roles, and permissions, and ensure a secure environment for your projects.


Key Concepts and Terms

The Security module's purpose is to ensure secure data exchange between the platform and external databases. The concepts of Users, Permissions, Policies, and Runtime Users make the Security module easier to understand.

The Security Module defines the Users allowed to use or modify the solution, along with their Roles, Permissions, and Security Policies. User definitions can be created locally using the platform tools or obtained from external definitions such as Active Directory, LDAP servers, or external SQL databases.

Users

A User is anyone accessing the solution, either in engineering (Designer Tool) or in runtime mode (Displays).

Permissions

Permissions are set levels of access for each user that determine what they can or cannot do within the solution. The Permissions concept ensures that users access only the functionalities and data necessary for their job, reducing the risk of security breaches and unauthorized activities. Group-based Permissions allow configuring which functions users can access while editing or during the project runtime.

Policies

Policies manage requirements on User Identification and Session Control. For instance, you can set up a Policy requiring a minimum of 8 letters for passwords (Identification Policy) and an automated LogOff after 8 hours of usage (Session Policy). Then, you set up which Users will be required to follow that Policy.

RuntimeUsers

It is a very common project requirement to dynamically add and remove Users. Instead of modifying the project every time, the platform provides the concept of Runtime Users, which are dynamically created and retrieved from an external encrypted SQL database or other identification servers.


Understanding the Security Module

What the Security Module Enables

The Security Module in FactoryStudio offers various features to ensure complete security for your projects. Key features include:

  • User Management: Create and manage user profiles with various levels of access to project components.
  • Group-based Permissions: Define the level of access each user group has to the project.
  • Session Policies: Manage the requirements for User Identification and Session control.
  • RuntimeUsers: Dynamically add and remove users without modifying the project.
  • Integration with Active Directory and LDAP: Streamline user management across your organization.

User roles management

Managing user roles in FactoryStudio involves assigning a role to each user that defines their level of access to various components of the solution. Each role has its permissions, which can be customized to meet the security requirements of your organization.

Managing External User Definitions (Runtime Users)

External Users in this context refers to users who are not part of the organization but need access to specific components of the project. This can include contractors, clients, or third-party vendors. These users are typically managed via RuntimeUsers or integration with Active Directory and LDAP.

Securing Solution Configuration

The platform provides several tools to secure the solution configuration itself. By assigning Permissions and Policies, administrators can control which users have access to specific modules, editors and documents. This ensures that only authorized users can make changes to each part of the solution configuration.

Securing Runtime Execution

Securing runtime involves managing user sessions in client displays by setting password requirements, session restrictions, and e-signature settings. The platform also allows administrators to monitor client connections and manage active sessions.

Users, Permissions and Policies Summary

For a summary of the Security configuration, go to Security Overview, which presents the basic configuration steps and properties for Users, Permissions and Policies.

The next section presents the configuration of those elements in further detail.

Configuring the Security Module

Configuration Workflow

Each User is assigned to a set of Permissions (a security group defined in Permissions) and to a Session Policy configured in Policies.

Permissions define the level of access users have for project configuration and client displays.

Policies, on the other hand, focus on managing user sessions in client displays, either WPF or HTML5, by setting password requirements, session restrictions, and e-signature settings.

Security Configuration Interfaces

| Action | Where |
| Edit Users | Security → Users |
| Define security Permissions | Security → Permissions |
| Define security Policies | Security → Policies |
| Manage RuntimeUsers | Security → RuntimeUsers |

See Exploring the Security Settings to read about the Security module configurations in detail.

Creating, editing and managing users

The Named Users with authorization to access the Project are defined in the SecurityUsers table on Security → Users. See Users properties to explore the default properties in detail.

Removing Users

You have three ways to disable users:

• Blocking: use to block the user's access. You may want to use this for users who are no longer in your company.

• Flagging as deleted: use to block the user's access and flag the user as deleted, without deleting the user. You may want to use this for users who are no longer in your company.

• Deleting: removes the user completely from the system.

The method used varies according to the security requirements for managing users in your application.

Defining Permissions

The project Permissions are defined in the SecurityUsers table on Security → Permissions. See Permissions properties to explore the common properties in detail.

Defining Policies

The project Policies are defined in the SecurityUsers table on Security → Policies. See Policies properties to explore the common properties in detail.

Connecting Users with Permission Groups

On Security → Users, the Permissions column can be updated to include all Permission Groups authorized for each user. When applying the same settings to more than one user, select multiple rows and right-click to edit the combined rows.

To apply a created permission to a user, go to the Permissions column and select the desired option.

RuntimeUsers

RuntimeUsers are a separate group of users who are either defined in an external database or created dynamically using the CreateUser method. They can log in and use remote operation displays similarly to the users specified in the solution configuration. See RuntimeUsers properties to explore the properties in detail.

Read more about RuntimeUsers.

AD/LDAP Integrations

Windows AD Integration

The platform can automatically execute user credentials validation and user connection identification using native Windows Active Directory integration, available for users connecting from Windows operating systems.

For more information, see Windows AD / LDAP Server.

AD/LDAP Server Integration

When Windows AD integration is unavailable, automated identification can still be achieved using a business-defined LDAP server.

For more information, see Windows AD / LDAP Server.


Working with the Security Module

Runtime Execution

For an in-depth understanding of security at runtime, see Security Runtime Execution.

Monitoring Client Connections

Monitoring Client Connections lets you track and manage active connections. This functionality enables efficient troubleshooting and resource allocation for your project's needs. Refer to Monitoring Client Connections for a comprehensive understanding of client connections.

Customizing Login Procedures

Modify the login page, fine-tune user validation, and incorporate custom logic into the client startup ScriptTask. This allows for a tailored login experience that suits your project's specific requirements. For a deeper understanding of how to customize login procedures, and for detailed examples, consult Customizing Login Procedures.

Further user management can also be executed in Scripts.

Read more on Scripts, Handling Security.

Applying Security to Displays

Regulate user access and interactions within displays, either by protecting the entire display, or specific commands or elements within each display.

Display Edit or Run Security

The configuration table Displays → List has the columns EditSecurity and RunSecurity, which define the PermissionGroups allowed to configure, or open in runtime, each display.

Security within the Display

When drawing the solution User Interface, there is a Dynamic Property specifically for applying security to any input the operator may make at the display.

→ Read more on Drawing User Interfaces / Dynamics and UI Elements, the Security Dynamic configuration.


Security Runtime Attributes

The Security namespace contains all runtime information regarding the security system. The Client object has information about the user currently logged in at that client station.

Examples

Client.Username

The name of the currently logged-in user.

Client.CurrentUser

References the data structure with all the information of the currently logged-in user.

Read more about Objects and Namespaces.


Best Practices and Troubleshooting

Best Practices and Recommendations

To ensure the smooth operation of the Security module, follow these best practices:

• Regularly update your user list and their associated permissions to maintain security by ensuring that only authorized individuals have access to your system.
• Conduct periodic audits of user accounts and permissions, making necessary updates and removing inactive users.
• Enforce strong password policies to enhance security.
• Require complex passwords that include uppercase and lowercase letters, numbers, and special characters.
• Encourage regular password changes.
• Keep your system up-to-date with patches and updates.
• Regular updates often include security enhancements and fixes. Ensure your system is up-to-date to benefit from these improvements.

Troubleshooting and Common Issues

• User Cannot Log In: Ensure the user is entering correct login credentials. Check if the user's account is active and not blocked or flagged as deleted. If the problem persists, contact your system administrator.
• Permission Denied Error: Check the user's assigned Permissions. Ensure they have the necessary access rights to perform the desired action. Update their Permissions or assign them to a different user group if necessary.
