12. User Permissions and User Management

All user operations can be made dependent on their permissions. The system should use a complete permission system for this purpose, which is also suitable for use in validated industries.

All users intended for operating the system can be divided into user groups according to their powers. Areas can be defined for each group in which operating permission is given. The scope of the permission can be defined in up to 32 levels per area.

Either the system’s internal user management or the operating system’s management can be used optionally. Special methods such as password change, initial changes, minimum lengths, etc. can be defined.

For user management and the allocation of rights, it should be possible to use Active Directories.

The SCADA system should make it possible to establish a central user management using customer-owned solutions or common tools, such as Active Directory or LDAP. In addition, it should be possible to use the users of the operating system as users. In this case, the authentication and password rules (e.g., complexity and change cycles) are adopted from the centrally managed settings.

It should be possible to design individual interfaces per user. In addition, the tool must be able to manage restricted access to individual data points and managers. Access to defined content should only be possible after successful authentication and appropriate rights allocation. These mechanisms should be supported by black- and whitelisting to facilitate configuration.

In the system, it should also be possible to assign different reading and writing rights to certain data point elements. This should be possible both via group administration rights and individually per user. When a user is added to a group, their rights should be transferred to them.