Defining Roles and Users

Before enabling security, you must define roles and assign users to those roles. A role is similar to a Windows group account; it defines the Proficy Portal privileges for Windows group accounts. A user is an individual Windows account that is assigned to a role. Adding roles and users takes effect immediately, but you must restart Proficy Portal for the new users to be able to log on.

A privilege is the right to perform a specific action, such as switching to the configuration environment or saving run-time changes. The privileges of a role apply to all users assigned to that role. However, user-level privileges take precedence over role-level privileges. For example, a user has All privileges to access the Statement Builder but does not have privileges to access the Manage Folder option in the Proficy Portal Client. The user is assigned to a role that does not have privileges to access the Statement Builder, but can access the Manage Folders option. When the user is assigned to the role, it will retain access to the Statement Builder and will gain access to the Manage Folders option.

When you assign privileges to a role or user, click the Apply button to make the changes effective immediately; you do not need to restart Proficy Portal.

When you create a role, you must assign the specific accounts (i.e., users or groups) and privileges to it. For example, if you want to assign the privilege of switching to the configuration environment to the Windows group called DisplayDevelopers, you would:

  1. Create the Windows group DisplayDevelopers and assign the users you want to belong to it. For more information on Windows groups, consult your Windows documentation.

  2. Create a Proficy Portal role called Developers and select the Windows group account to add it to the role.

  3. Select the privilege for switching to the configuration environment and add it to the role.

By default, Proficy Portal has three pre-defined roles: Administrators, Guests, and SampleSystemUsers. The Administrators role provides full access to Proficy Portal, while the Guests role provides access to view analysis displays. The SampleSystemUsers role provides access to the Proficy Portal sample system. You can make changes to these roles as needed, and you can create as many roles as necessary.

Only roles with full privileges (e.g., Administrators) or roles that have been granted explicit privileges (e.g., Manage Folders) can perform the tasks that apply to those privileges. For example, a guest role that has been granted the privilege to manage the Roles and Users folders can add a user and assign it to a role.

CAUTION: When two or more users are logged in under the same security account (e.g., Administrator), only the changes made by the user who saves last will be retained. To avoid loss of data, multiple users should not make changes in the Administration application at the same time.

See Also

To create a role

To assign a user or group to a role

To remove a user from a role

To delete a user from Proficy Portal security

Role Domain/Group Synchronization