Outlined below are four general rules regarding the use of privileges and areas within CitectSCADA.
These rules will assist you in understanding how the various privilege and area combinations between system elements and roles will affect your security. The table below outlines numerous scenarios, and the resulting security for a simple on/off button.The first two columns Area and Privilege refer to the button.
Area | Priv | Role | Area | Priv | Security |
---|---|---|---|---|---|
No |
No |
Conveyor Operator |
No |
No |
Operator can view and control the system element. |
No |
Yes |
Conveyor Operator |
No |
No |
Can view the system element but cannot operate it as role does not have the necessary privilege |
No |
Yes |
Conveyor Operator |
No |
Yes (matching) |
Can view the system element and control it as role been granted the matching global privilege. Role will be able to control those system elements that also have the matching privilege in other areas of the plant. |
Yes |
No |
Conveyor Operator |
No |
No |
Role cannot view the system element, as it is no longer assigned to Area 0. |
Yes |
No |
Conveyor Operator |
Yes (matching) |
No |
Role can view and control the system element, as no privilege restriction has been set. |
Yes |
Yes |
Conveyor Operator |
Yes (matching) |
Yes (not matching) |
Can view the system element in the relevant area but cannot operate it as role does not have the necessary associated privilege. |
Yes |
Yes |
Conveyor Operator |
Yes (matching) |
Yes (matching) |
Can view the system element and control it within the relevant area, as role has been assigned a matching associated privilege. |
See Also