Using CitectSCADA > Securing Projects > Configuring Security > Adding Roles

Adding Roles

Create a role for those people or groups of people you want to use your system. When creating a role you determine what permissions (privileges and areas) to set for each based on the tasks the user assigned that role needs to be able to perform within the project and plant.

To add a Role record:

  1. Choose System | Roles to display the Roles dialog box.
  2. Complete the Roles dialog box.
  3. Click Add to append a new record, or Replace to modify an existing record.

Use the Roles dialog box to define properties for your roles.

Role Name

Enter a value of 16 characters or less, for example "Operator". Role Names are restricted to using the same syntax as Tag names. See Tag name syntax.

Windows Group Name (Users using Windows Authentication only)

Enter the name of the group that you intend link to the Windows security group. Verify that this name is same as the group name in Windows which you want the role link to. It can contain up to 254 uppercase or lowercase characters. Verify that only use the characters that are allowed for Windows group account name in Windows.

The Windows group name can include a domain name or a local computer name in the format of "domainname\operator", or "localcomputername\operator". If either are specified in the group name CitectSCADA runtime will only validate for the groups on the server specified in the name or the local computer.


Any useful comment. Enter a value of 48 characters or less.

Global Privilege

The privilege assigned globally to the role. Enter a value of 16 characters or less.

In the privilege field you can separate numbers with commas or you can enter a range separated by two periods le.g. 1..8

As you configure your system, you can assign privileges to the various elements, such as graphics objects, alarms, accumulators, commands, and so on. For example, a role with a Global Privilege of 3 will be able to issue any command that is assigned a privilege of 3, or action any alarm with a privilege of 3, or click any button that is assigned a privilege of 3, etc. Unless you are using areas, if you do not specify a global privilege, the role cannot access any command with a privilege assigned.

Note: (For users using windows authentication) When you have completed the fields in this dialog and if you have not already done so, add the users to the group in Windows security that you want to have the privileges of this role.

See Also

Adding groups and users in Windows security.

Additional fields on this dialog using extended forms (press F2).