The Group Account dialog is used to create and delete user groups, as well as to configure the access privileges for a selected group.
Accessing the dialog
Assuming the project security system has already
been enabled (i.e., you have used the security system configuration
wizard at least once), then you can access this dialog by doing one
of the following:
- Open the Security System dialog, and then click Groups; or
- In the Global tab of the Project Explorer, right-click Groups and then click Groups properties on the shortcut menu.
The dialog in detail
Figure 1.
Group Account
dialog
| Area / Element | Description | |
|---|---|---|
| Group Account | The user group that you are currently configuring.
Note: There
are two default groups for all projects: Guest and (Default
Rights).
Note: If the
security mode is set to Domain
(LDAP), then please note that the built-in groups in
Microsoft Active Directory will not appear in this list of groups
and cannot be added to the project. |
|
| New | Creates a new group. In the New Group Account dialog, type the name of the new group and then click OK. | |
| Delete | Deletes the currently selected group. | |
| Reset | Resets the privileges of the currently selected group
to match the (Default Rights)
group.
This does not lock the group to the default; you can make further changes. To lock the group, see Use Default Rights below. |
|
| Advanced | Opens the Group Account Advanced dialog (see below). | |
| Security Rights – Development | Use Default Rights | Locks the development privileges of the currently selected group to those configured for the (Default Rights) group. If changes are made to the (Default Rights) group, then they also apply to this group. |
| Security Level – Development | Range | The range of access levels that this group may access in the development application. |
| Engineering Access | Project Settings | Members of the group may modify the project settings. |
| Drivers, Data Sources | Members of the group may create, modify device drivers and external data sources. | |
| Network Configuration | Members of the group may create, modify TCP/IP Client worksheets. | |
| Create, modify tags | Members of the group may create, modify project tags. | |
| Create, modify screens | Members of the group may create, modify project screens. | |
| Create, modify task sheets | Members of the group may create, modify task worksheets. | |
| Security Rights – Runtime | Use Default Rights | Locks the runtime privileges of the currently selected group to those configured for the (Default Rights) group. If changes are made to the (Default Rights) group, then they also apply to this group. |
| Security Level – Runtime | Range | The range of access levels that this group may access in the runtime project. |
| Runtime Access | Start Project | Members of the group may run the project. |
| Close Project | Members of the group may stop the project. | |
| Database Spy (write) | Members of the group may write values to the project
database using the
Database Spy window.
Note: This
only applies to projects running locally. For projects running
remotely, see Enable Remote Debugging
Tools below. |
|
| Task switch enabled | Members of the group may switch away from the runtime
project to another Windows task.
(This option does not apply to projects running on Windows Embedded target systems; the user may always switch away from the runtime project.) |
|
| Edit Security System | Members of the group may make changes to the project
security system during runtime.
Note: Be
careful not to clear this option for your own group, or you may not
be able to undo your own changes. |
|
| Enable Remote Debugging Tools | Members of the group may use Remote Database Spy and Remote LogWin. | |
| Windows Task Manager | Members of the group may open the Windows Task
Manager.
(This option does not apply to projects running on Windows Embedded target systems; the user may always open the Windows Task Manager.) Note:
Clearing this option means disabling the Task Manager during
runtime, which requires Administrator privileges. You will need to
run the project with elevated privileges. |
|
| Runtime group | A user created during runtime by calling the CreateUser function may be assigned to this group. | |
| Web Thin Client Access | Members of the group may access the runtime project by using a Web Thin Client. | |
| Secure Viewer Access | Members of the group may access the runtime project by using a Secure Viewer. | |
Figure 2.
Advanced dialog – Password
Options
| Area / Element | Description |
|---|---|
| Min password size | To make user passwords more complex and therefore more secure, you can require that they contain a certain number of alpha (A-Z, a-z), numeric (0-9), and special (punctuation) characters. When the user is prompted to change his password — for example, when his old password expires (see Password aging below) — the new password will not be accepted unless it meets these requirements. |
| Min number of special characters | |
| Min number of numeric characters | |
| Min number of alpha characters | |
| Case-sensitive | If this option is selected, then passwords are case
sensitive — that is, passwords created with both upper and
lowercase characters must be entered the same
way by the user.
Note: In
projects created with InduSoft
Web Studio v6.1+SP2 through v6.1+SP6, all passwords were case
sensitive. |
| Password aging | Longevity (in days) of the password for all users in
this group. After the specified number of days, the project will
force the user to change his password: when the user tries to log
in, the Change Password
dialog is automatically displayed and the user cannot complete the
logon process until he provides a new password.
By default, the user must choose a new password that
is different from the old password. To change this so that the user
can re-use the same password, manually edit the project file
(project_name.app) to include the
following setting:
[Security] ChangePasswordMode=1 To make passwords never expire, set Password aging to 0. |
| E-signature time-out | Timeout period (in minutes) of the E-sign prompt for all users in this group. The user must enter his user name and password before the specified timeout to use project features that require an e-signature. |
| Disable e-signature | When the value in this box is TRUE (non-zero), users
in this group cannot use any project features that require an
e-signature.
You can configure a project tag in this box, so that e-signature is dynamically enabled/disabled during runtime. |
Figure 3.
Advanced dialog – Auto
LogOff/LockUp
| Area / Element | Description | |
|---|---|---|
| Auto Log Off | Log Off after | Number of minutes after which the current user must be logged off automatically. If this field is left in blank (or with the value 0), the current user is never logged off automatically. |
| Counting from logon | When this option is selected, the current user is automatically logged off after the period of time configured in the Log Off after field elapsed since when the current user was logged on the system. | |
| Counting from user's last action | When this option is selected, the current user is automatically logged off after the period of time configured in the Log Off after field elapsed since the last action (mouse, touchscreen, or keyboard action) was performed by the current user. | |
| Disconnect Web Thin Client on auto logoff | If the user logged on through a Web Thin Client, then when the user is logged off, the client is automatically disconnected from the data server. | |
| Auto Lock-up | Enable | Enables the auto lock-up features described below. |
| Lock up account after | Maximum number of times a user can try to log on to an account. If the user exceeds the specified maximum number of attempts (provides an invalid password) within the period of time specified in the Reset counter after field, the project will automatically block the user. | |
| Reset counter after | Defines how long after an invalid log-on attempt the project will wait (in minutes) until it resets the log-on attempts counter. | |
Note: If a
user is assigned to more than one group (see
Creating and configuring users), then the groups' settings may
conflict with each other. How the settings are resolved depends on
which settings they are:
- The settings in the Group Account dialog above are permissive — that is, the most permissive setting from all of a user's groups applies to the user. For example, if any of the groups can create and modify tags, then the user can create and modify tags.
- The settings in the Group Account Advanced dialog (both tabs) are restrictive — that is, the most restrictive setting from all of a user's groups applies to the user. For example, if one group has a minimum password size of 8 and another group has a minimum password size of 12, then the user's minimum password size is 12. (For Auto Log Off in particular, Counting from logon overrides Counting from user's last action.)