12. User authorization and user administration

All user operations can be interrelated to their permissions. To enable this, the system uses a complete authorization system which is also suitable for deployment in validated industries.

All users who are intended to operate the system can be summarized in user groups reflecting their permissions. For each group areas can be defined for which the user permissions are valid. For each area the scope of the permission can be defined for up to 32 levels.

The internal user administration of the system or the OS-based user management can be used. Furthermore, special methods such as password aging, initial changes, minimum length, etc. are definable.

The SCADA system allows establishment of a central user administration using either customer proprietary solutions or common tools such as Active Directory or LDAP. Furthermore, it is possible to use the OS users as users of the system. In this case authentication and password rules (such as complexity and change intervals) are imported from the centrally administered settings.

The system shall support individual visibility for defined users. This includes special possibilities to control the visibility on defined data points and managers. Only after giving permission and successful authentication it should be possible to see and change these defined parameters and contents. This should be supported by black- and whitelisting configurations to reduce engineering time.

More than that the system shall be capable of setting different rights regarding reading and writing to defined data point elements within the system. This shall also be possible to be set via group settings and by defining users as part of given groups including setting predefined rights to this new user.