Privileges

CitectSCADA provides eight privileges, numbered 1 to 8, that are used to restrict access to parts of the project. To implement privileges into your project:

Note: Global privileges apply to every area.

You can allocate different privileges to different types of operation, as in the following example:

Privilege    Command
1            Operate the conveyors
2            Operate the mixers
3            Operate the ovens
4            Acknowledge alarms
5            Print reports
6            Operate box machine

To allow a user to operate the conveyors, you assign privilege 1 to the role associated with that user, for example:

Global Privilege    1

To allow a user to acknowledge alarms, you assign privilege 4 to the role associated with that user, for example:

Global Privilege    4

To allow a user to acknowledge alarms and operate the conveyors, you assign both privilege 1 and privilege 4 to the role associated with that user record:

Global Privilege    1,4

Privilege classifications need to be separated by commas (,).

To allow a user access to every command in your system, allocate every privilege in the role associated with that user, for example:

Global Privilege    1, 2, 3, 4, 5

Note: In assigning a role a global privilege, that role is granted view access to every area automatically. Any user assigned that role will then be able to view every area of the plant.

After you have allocated privileges, you can define the privilege requirements of your system elements (commands, reports, objects, alarms, etc.):

Command      CONVEYOR = 1;
Privilege    1
Comment      An Operator with Privilege classification 1 can operate the conveyor

Command      Report("Shift");
Privilege    5
Comment      An Operator with Privilege classification 5 can print the report

Not every system element needs a privilege classification. At least one command needs to be available for users to issue without a classification: the command to log in to the system:

Command      LoginForm();
Privilege
Comment      A blank Privilege (or Privilege 0) means that the command has no classification - it is available to every user who performs this role.
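
The rules above (comma-separated Global Privilege lists, one privilege per element, blank or 0 meaning no classification) can be checked offline when reviewing a project for least privilege. The following Python sketch is an added example, not CitectSCADA or Cicode code from this documentation; the role names and the way the fields are held in dictionaries are assumptions, and areas are not modelled.

```python
# Added example: models only the global-privilege rules described on this page
# (areas are not modelled). Role names are hypothetical sample data.
VALID = range(1, 9)  # privileges are numbered 1 to 8


def parse_privileges(field):
    """Parse a Global Privilege field such as "1,4" or "1, 2, 3" into a set."""
    privs = set()
    for part in field.split(","):
        part = part.strip()
        if not part:
            continue  # blank field or stray comma grants nothing
        if not part.isdecimal() or int(part) not in VALID:
            raise ValueError(f"invalid privilege {part!r} in {field!r}")
        privs.add(int(part))
    return privs


def required_privilege(field):
    """Return an element's privilege; blank or 0 means no classification."""
    level = int(field.strip() or 0)
    if level not in (0, *VALID):
        raise ValueError(f"invalid privilege requirement {field!r}")
    return level


def can_use(role_field, element_field):
    need = required_privilege(element_field)
    return need == 0 or need in parse_privileges(role_field)


def unclassified(elements):
    """Elements available to every user; each one deserves a review."""
    return sorted(c for c, p in elements.items() if required_privilege(p) == 0)


def access_matrix(roles, elements):
    return {r: sorted(c for c, p in elements.items() if can_use(f, p))
            for r, f in roles.items()}


# Constructed sample data built from the examples on this page.
ELEMENTS = {"CONVEYOR = 1;": "1", 'Report("Shift");': "5",
            "LoginForm();": "", "Operate box machine": "6"}
ROLES = {"conveyor_op": "1", "alarm_conveyor_op": "1,4",
         "all_listed": "1, 2, 3, 4, 5"}

if __name__ == "__main__":
    for role, cmds in access_matrix(ROLES, ELEMENTS).items():
        print(role, "->", cmds)
    print("no classification:", unclassified(ELEMENTS))
```

With this sample data, the role holding "1, 2, 3, 4, 5" still cannot run the element that requires privilege 6, and LoginForm(); is the only element reported as having no classification.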
