Securing a Top-level Project

This section describes a "real-world" situation that might require read-only privileges to be applied to a top-level project.

In this scenario, several onsite engineers are responsible for maintaining a top-level project, ProjectXYZ. Consequently they require read-write privileges for every project folder.

The operators responsible for monitoring plant operations will use the project at runtime only; consequently operators only have read-only access to the project.

The system administrator on site first identifies those employees who will use the project, and then divides this pool of users into two user groups:

• Project Engineers - responsible for project configuration.
• Operators - responsible for the project's runtime operations.

This is shown in the illustration below.

The administrator creates two user groups to make administering users easier: ProjectXYZEngineers and ProjectXYZOperators, and assigns engineers to the first group, operators to the second.

The administrator then assigns engineers read-write privileges to the top-level project folder, and operators read-only privileges, like this.

1. Select the project folder of the top-level project and display its properties.
2. Select the ProjectXYZEngineers user group and allow read-write privileges. (Remember that in order to use read-write projects, read, write, and delete privileges needs to be assigned.)
3. Select the ProjectXYZOperators user group and deny write privileges. See the section Making a Project Read-Only for the specific privileges assign.
4. Apply and save the changes.
5. Review the changes to verify that engineers and operators have the correct privileges for their roles.

See Also