Security
(Users and Roles)
Introduction to the Security Module
The Security module ensures the safety and integrity of your projects.
Here You Can:
- Managing user access, roles, and permissions.
- Controls who can access, view, and modify project components.
- Controls who can manage runtime user interactions with displays and actions.
On this page:
Key Concepts and Terms
The Security Module secures the data exchange between the platform and external databases.
Users
Anyone accessing the project, either in engineering or runtime mode.
Permissions
Permissions are set levels of access for each user that determine what they can/ cannot do within the software.
Policies
Policies manage requirements on User Identification and Session control.
RuntimeUsers
These users are created and retrieved from an external encrypted SQL database or other identification servers.
Understanding the Security Module
User Roles Management: Managing user roles involves assigning a role to each user that defines their level of access to various project components. Each role has its permissions, which can be customized.
External Users: External Users refers to users who are not part of the organization but need access to specific project components, such as contractors, clients, or third-party vendors.
Securing Project Settings: The module provides tools to secure project settings by assigning Permissions and Policies.
Securing Runtime: Managing user sessions in client displays involves setting password requirements, session restrictions, and e-signature settings.
Configuring the Security Module
Configuration Workflow
Each user is assigned to a Security Group defined in Permissions and a Session Policy configured in the Policies.
Security module configuration workflow | |
|---|---|
Action | Where |
Edit Users | Security → Users |
Define security Permissions | Security → Permissions |
Define security Policies | Security → Policies |
Manage RuntimeUsers | Security → RuntimeUsers |
RuntimeUsers
Runtime Users are either defined in an external database or created dynamically using the CreateUser method. They can log in and use remote operation displays similarly to users specified in the Project configuration.
→ Read more about RuntimeUsers properties.
AD/LDAP Integrations
Windows AD Integration
The platform can automatically execute user credentials validation and user connection identification using native Windows Active Directory integration, available for users connecting from Windows operating systems.
→ Read more about Windows AD / LDAP Server.
AD/LDAP Server Integration
When Windows AD integration is unavailable, automated identification can still be achieved using a business server-defined LDAP server.
→ Read more about Windows AD / LDAP Server.
Working with the Security Module
Runtime Execution
→ Read more about Security Runtime Execution.
Monitoring Clients Connections
Track and manage active connections, enabling efficient troubleshooting and resource allocation.
? Read more about Monitoring Client Connections.
Customizing Login Procedures
Modify the login page, fine-tune user validation, and incorporate custom logic into the client startup process for a tailored login experience.
? Read more about Customizing Login Procedures.
Managing Users on Displays and Scripts
Regulate user access and interactions within displays and scripts to promote a secure and efficient work environment.
→ Read more about Managing Users on Displays and Scripts.
Security Runtime Attributes
The Security namespace contains all runtime information regarding the security system. The Client object has information about the current user logged at that client station.
| Examples | |
|---|---|
Client.Username | The property is the name of current logged user. |
Client.CurrentUser | Reference to a data structure with all the information of the currently logged-in user. |
→ Read more about Objects and Namespaces.
Troubleshooting and Best Practices
Troubleshooting and Common Issues:
- User Cannot Log In: Ensure the user is entering correct login credentials. Check if the user's account is active and not blocked or flagged as deleted. If the problem persists, contact your system administrator.
- Permission Denied Error: Check the user's assigned Permissions. Ensure they have the necessary access rights to perform the desired action. Update their Permissions or assign them to a different user group if necessary.
Best Practices and Recommendations:
- Regularly update your user list and their associated permissions to maintain security
- Conduct periodic audits of user accounts and permissions, making necessary updates and removing inactive users.
- Enforce strong password policies to enhance security.
- Require complex passwords that include uppercase and lowercase letters, numbers, and special characters. Encourage regular password changes.
- Keep your system up-to-date with patches and updates.
- Regular updates often include security enhancements and fixes. Ensure your system is up-to-date to benefit from these improvements.
What's Next?