Application Rights
Application rights define which system applications users can access, and what operations they can perform (for example, only view, edit and save changes to existing objects, create new objects) within each one. Application rights can also be used to enable/disable users' access to Engineering mode, and to other features such as Assisted Treatment.
The most important application rights include:
Show: This gives users read-only access to the application. If the Show check box is deselected, the application will not display.
Configure: This enables users to edit data and save changes within the application. If Configure is deselected, toolbar buttons such as Save, Save As..., New, Delete, and Edit will be unavailable.
NOTE: If the application in question creates or deletes objects in System Browser, users must also have the appropriate Create/Delete Scope rights for their changes to take effect.
Toggle Engineering mode: This enables users to access Engineering mode. If Toggle Engineering mode right is deselected, the button for switching to Engineering mode will no longer display.
Other application rights include: Export, Import, and Execute.
Application Rights intersect with the Scope Rights that enable users to create or delete system objects. The Configure application right makes toolbar icons such as New, Save, Save As.., Delete available. However, if the corresponding action creates or deletes objects in System Browser tree, it will not complete successfully if the user lacks the necessary Scope rights.
Example:
If a user has Configure application rights for Macros, toolbar buttons (for example, to create a new macro folder, to save changes to an existing macro, or to delete a macro) will be available. However, if this user lacks the Create Scope right, the system will not let the user create a new macro folder, because this involves creating a new system object. On the other hand, the user can save changes to an existing macro because this does not create a new system object. Similarly, to complete the action of deleting an existing macro the user must have the Delete Scope right.
If the user has Create/Delete Scope rights but lacks the Configure application right the user will not be able to initiate any action because the toolbar buttons will be unavailable.
The following sections describe the specific application rights that you can set for each system application, and how they interact with the Create/Delete Scope rights.
NOTE:
The actual list of application rights in the system may include additional items from the installed extension modules. To get information about such additional application rights, refer to the documentation for the specific extension modules.
Application rights are disabled by default in applications installed with an extension module. This also applies to the DefaultAdmin user. Therefore, after installing an extension module you must manually enable the corresponding application rights.
The following general rules apply to application rights:
- When you change the application rights for a user group, the changes take effect immediately, even if those users are currently logged on and using the system.
- Do not use setting ALL if the Scope is handled differently for each application.
- Restricted Scope Rights must be assigned to the individual application.
Assisted Treatment
Assisted Treatment rights define the access permission to Assisted Treatment alarm handling feature.
Assisted Treatment Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | n/a | n/a | n/a |
Automatic Event Treatment
Automatic event treatment rights define the access permission for configuring automated alarm handling rules.
Automatic Event Treatment Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | ✘ | ✘ | ✘ |
| ✔ | ✔ | ✘ | ✘ |
| ✔ | ✔ | ✔ | ✘ |
| ✔ | ✔ | ✘ | ✔ |
BACnet Configuration
BACnet Configuration rights define the access permission for configuring BACnet devices on a BACnet network.
BACnet Configuration Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | ✘ | n/a | ✘ |
| ✔ | ✔ | n/a | ✘ |
| ✔ | ✔ | n/a | ✔ |
NOTE: Importing BACnet devices depends on the Importer rights.
NOTE2:BACnet Configuration rights do not impact working with Schedules in Management Station or Flex Client.
Device
Device rights define the access permission for the System Management application to configure:
- Under the stations:
- WMI UPS
- SNMP network devices. In particular,
- SNMP UPS
- SNMP Scalance
- SNMP properties to monitor the SNMP network.
Device Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | ✘ | ✘ | ✘ |
| ✔ | ✔ | ✘ | ✘ |
| ✔ | ✔ | ✔ | ✘ |
| ✔ | ✔ | ✘ | ✔ |
NOTE: Manually adding the following objects depends on the System Management rights: WMI UPS, SNMP network devices, and SNMP properties.
Document Configuration, Document Viewer, and Rule Editor
For documents and web applications, two types of access permission are available:
- Document Configuration and Rule Editor
- Document Viewer
Document Configuration rights define the access rights for configuring documents in the Documents tab. For web applications, these rights also define the access to the Rule Editor tab to configure display rules.
Document Configuration Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | ✘ | ✘ | ✘ |
| ✔ | ✔ | ✘ | ✘ |
| ✔ | ✔ | ✔ | ✘ |
| ✔ | ✔ | ✘ | ✔ |
Document Viewer rights define the access rights for viewing documents in the Documents tab
Document Viewer Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | n/a | n/a | n/a |
Driver
Driver rights define the access permission for configuring the drivers.
Driver Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | ✘ | ✘ | ✘ |
| ✔ | ✔ | ✘ | ✘ |
| ✔ | ✔ | ✔ | ✘ |
| ✔ | ✔ | ✘ | ✔ |
NOTE: Creating driver objects also depends on the Object Configurator rights.
Filter Groups
Filter Groups application rights define permissions for viewing and modifying data, creating new filter groups and deleting existing filter groups.
Filter Groups Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | ✘ | ✘ | ✘ |
| ✔ | ✔ | ✘ | ✘ |
| ✔ | ✔ | ✔ | ✘ |
| ✔ | ✔ | ✘ | ✔ |
Graphics Editor
Graphics Editor application rights define the permissions for creating, modifying, and deleting graphic objects such as project graphics, symbols, and graphic templates.
Graphic Editor Application Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | ✔ | ✔ | ✔ |
| ✘ | ✔ | ✘ | ✔ |
| ✘ | ✔ | ✔ | ✔ |
| ✘ | ✔ | ✔ | ✔ |
Graphics Library Editor
Graphics Library Editor application rights define the permissions for viewing Symbols and Graphic Templates libraries, and modifying or configuring them.
Graphic Library Editor Application Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | ✔ | ✔ | ✔ |
| ✘ | ✔ | ✔ | ✘ |
| ✘ | ✘ | ✘ | ✔ |
Graphics Viewer
The access rights for the Graphic Viewer application define the user’s ability to display a graphic, a symbol, a graphic template in the Graphic Viewer and in the Graphic Editor Runtime mode.
Graphic Viewer Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | n/a | n/a | n/a |
Help
Defines the sections of the Help that are displayed when the user presses F1 or selects the Help from the menu. In a new and upgraded project, both check boxes are selected.
Help Rights | Application Rights | |
Action | Access to Operating Help | Access to Engineering Help |
| ✔ ✘ ✔ | ✘ ✔ ✔ |
Icons
Icons rights define the access permission for configuring any icons library.
Icons Rights | Application Rights | Scope Rights | |||
Action | Show | Config. | Import | Create | Delete |
| ✔ | ✘ | ✘ | n/a | n/a |
| ✔ | ✔ | ✘ | n/a | n/a |
| ✔ | ✔ | ✔ | n/a | n/a |
NOTE: Adding and deleting icons library objects depends on Library rights.
Import Rules
Import Rules rights define the access permission for configuring the import rules.
Import Rules Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | ✘ | n/a | n/a |
| ✔ | ✔ | n/a | n/a |
NOTE: Adding and deleting import rules library objects depends on Library rights.
Importer
Importer rights define the access permission for performing the import operation.
Importer Rights | Application Rights | Scope Rights | |||
Action | Show | Config. | Execute | Create | Delete |
| n/a | n/a | ✔ | n/a | n/a |
Journaling
For Journaling, two types of access permission are available:
- Journaling printers
- Journaling configuration
Journaling Printers application rights define the access rights for configuring journaling printers.
Journaling Printers Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | ✘ | ✘ | ✘ |
| ✔ | ✔ | ✘ | ✘ |
Journaling Configurator application and Scope rights define the access rights for configuring the journaling configurator.
Journaling Configurator Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | ✘ | ✘ | ✘ |
| ✔ | ✔ | ✘ | ✘ |
| ✔ | ✔ | ✔ | ✘ |
| ✔ | ✔ | ✘ | ✔ |
Library
Library rights define the access permission for the Library Configurator.
Library Rights | Application Rights | Scope Rights | ||||
Action | Show | Config. | Import | Export | Create | Delete |
| ✔ | ✘ | ✘ | ✘ | ✘ | ✘ |
| ✔ | ✔ | ✘ | ✘ | ✘ | ✘ |
| ✔ | ✔ | ✔ | ✘ | ✘ | ✘ |
| ✔ | ✔ | ✔ | ✔ | ✘ | ✘ |
| ✔ | ✔ | ✔ | ✔ | ✔ | ✘ |
| ✔ | ✔ | ✔ | ✔ | ✘ | ✔ |
License
License rights define the access permission for displaying license data.
License Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | n/a | n/a | n/a |
Localization
Localization rights define the access rights for handling the texts to localize.
Localization Rights | Application Rights | Scope Rights | |||
Action | Show | Config. | Import | Create | Delete |
| ✔ | n/a | ✘ | n/a | n/a |
| ✔ | n/a | ✔ | n/a | n/a |
Log Viewer
Log Viewer application and Scope rights define the access rights for configuring Log Viewer.
Log Viewer Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | ✘ | ✘ | ✘ |
| ✔ | ✔ | ✘ | ✘ |
| ✔ | ✔ | ✔ | ✘ |
| ✔ | ✔ | ✘ | ✔ |
Macro
Macro rights define the access permission for configuring macros.
Macro Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | ✘ | ✘ | ✘ |
| ✔ | ✔ | ✘ | ✘ |
| ✔ | ✔ | ✔ | ✘ |
| ✔ | ✔ | ✘ | ✔ |
Network
Network rights define the access permission for configuring networks.
Network Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | ✘ | ✘ | ✘ |
| ✔ | ✔ | ✘ | ✘ |
| ✔ | ✔ | ✔ | ✘ |
| ✔ | ✔ | ✘ | ✔ |
NOTE: Adding network objects also depends on the Object Configurator rights.
Node Map
Node Map rights define the access permission for configuring the Node Map view.
License Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| n/a | ✔ | n/a | n/a |
Object Configurator
Object Configurator rights define the access permission for objects.
Object Configurator Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | ✘ | ✘ | ✘ |
| ✔ | ✔ | ✘ | ✘ |
| ✔ | ✔ | ✔ | ✘ |
| ✔ | ✔ | ✘ | ✔ |
Operating Procedure
Operating procedure rights define the access rights for configuring the operating procedures for assisted treatment.
Operating Procedure Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | ✘ | ✘ | ✘ |
| ✔ | ✔ | ✘ | ✘ |
| ✔ | ✔ | ✔ | ✘ |
| ✔ | ✔ | ✘ | ✔ |
Reactions
Reactions rights define the access rights for configuring the reactions.
Reactions Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | ✘ | ✘ | ✘ |
| ✔ | ✔ | ✘ | ✘ |
| ✔ | ✔ | ✔ | ✘ |
| ✔ | ✔ | ✘ | ✔ |
Reporting and Application Viewer
Reports application and Scope rights define the access rights for configuring different types of reports and is also used to view and configure applications in the Application Viewer tab (see Application Viewer table below.)
NOTE: If you have a combination of application rights, a union of all the groups is assessed.
Reports Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | ✘ | ✘ | ✘ |
| ✔ | ✔ | ✘ | ✘ |
| ✔ | ✔ | ✔ | ✘ |
| ✔ | ✔ | ✘ | ✔ |
Application Viewer
The Application Viewer allows you to access web reporting applications to configure and execute them. With the appropriate application rights, the Application Viewer tab displays from the following:
- Advanced Reporting
- Managed Meter
- Links
Application Viewer | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | ✘ | ✘ | ✘ |
| ✔ | ✔ | ✘ | ✘ |
Schedules
Schedules application and Scope rights define the access rights for setting up and configuring schedules on management stations or on field panels at your facility.
Scheduler Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | ✘ | ✘ | ✘ |
| ✔ | ✔ | ✘ | ✘ |
| ✔ | ✔ | ✔ | ✘ |
| ✔ | ✔ | ✘ | ✔
|
| ✔ | ✔ | ✔ | ✔ |
Scopes
Scopes application and Scope rights define the access rights for configuring Scopes.
Scopes Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | ✘ | ✘ | ✘ |
| ✔ | ✔ | ✘ | ✘ |
| ✔ | ✔ | ✔ | ✘ |
| ✔ | ✔ | ✘ | ✔ |
Security
Security application rights define the permissions for configuring the security of a user group.
Security Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | ✘ | ✘ | ✘ |
| ✔ | ✔ | ✘ | ✘ |
| ✔ | ✔ | n/a |
|
| ✔ | ✔ |
| n/a |
Sessions
Sessions application rights define the permissions for configuring sessions.
Sessions Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | ✘ | ✘ | ✘ |
| ✔ | ✔ | ✘ | ✘ |
| ✔ | ✔ | n/a |
|
| ✔ | ✔ |
| n/a |
System Management
System Management rights define the access permission for the application to configure:
- Stations, peripherals, and internal devices. In particular,
- Under Desigo CC server,
- Add and configure the hard disk drive or server printer.
- Add the OPC DA Server.
- Add a WMI UPS. Configuring this object requires Device rights. - Under an Installed Client or a FEP station:
- Create the Drivers folder.
- Add and configure the hard disk drive.
- Add a WMI UPS. Configuring this object requires Device rights. - Under an SNMP Network, add and configure:
- SNMP-capable devices such as, printer, UPS, switch, or a custom SNMP device.
Configuring the UPS, switch, or custom device objects requires Device rights. - Individual properties for an SNMP device
Configuring these objects requires Device rights. - Visibility of Engineering/Operating button in System Manager.
You can configure Toggle Engineering Mode rights to grant or deny access to Engineering mode for a user group. Be careful not to deny these rights for the user group that you belong to. If you deselect the Toggle Engineering Mode check box for your user group, the next time you switch back to Operating mode the Operating/Engineering button will no longer display. At that point, you can no longer go back and re-enable your Engineering rights.
System Management Rights | Application Rights | Scope Rights | |||
Action | Show | Config. | Toggle Engin. Mode | Create | Delete |
| ✔ | ✘ | ✘ | ✘ | ✘ |
| ✔ | ✔ | ✘ | ✘ | ✘ |
| ✔ | ✔ | ✔ | ✘ | ✘ |
| ✔ | ✔ | ✔ | ✔ | ✘ |
| ✔ | ✔ | ✔ | ✘ | ✔ |
NOTE:
If you change the application rights for a user group, the changes will take effect immediately, even if those users are currently logged on and using the system.
Trends
Trend application and Scope rights define the access rights for configuring the Trends.
Trend Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | ✘ | ✘ | ✘ |
| ✔ | ✔ | ✘ | ✘ |
| ✔ | ✔ | ✔ | ✘ |
| ✔ | ✔ | ✘ | ✔ |
NOTE:
If you want to prevent a user from creating or deleting BACnet Trend Log or Trend Log Multiple objects, then the user group to which this user belongs must not have the Create and Delete Scope rights and Config application right on the BACnet configurator.
Trends Manual Correction
Trends Manual Correction application rights define the access rights for configuring the Manual Correction application.
Manual Correction Application Rights | Application Rights | |
Action | Show | Config. |
| ✘ | ✘ |
| ✔ | ✘ |
| ✔ | ✔ |
Users
Users application rights define the permissions for configuring users.
Users Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | ✘ | ✘ | ✘ |
| ✔ | ✔ | ✘ | ✘ |
| ✔ | ✔ | n/a |
|
| ✔ | ✔ |
| n/a |
View Builder and View Configurator
For configuring site views, two types of access permission are available:
- View Builder
- View Configurator
View Builder rights define the access permission for building site views.
View Builder Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | ✘ | ✘ | ✘ |
| ✔ | ✔ | ✘ | ✘ |
| ✔ | ✔ | ✔ | ✘ |
| ✔ | ✔ | ✘ | ✔ |
View Configurator rights define the access permission for configuring site views.
View Configurator Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | ✘ | ✘ | ✘ |
| ✔ | ✔ | ✘ | ✘ |
| ✔ | ✔ | ✔ | ✘ |
| ✔ | ✔ | ✘ | ✔ |
Calibrators
Calibrators application and scope rights define permissions for viewing and modifying calibrator object, creating new calibrator object and deleting existing calibrator object.
Calibrator Rights | Application Rights | Scope Rights | ||
Action | Show | Config. | Create | Delete |
| ✔ | ✘ | ✘ | ✘ |
| ✔ | ✔ | ✘ | ✘ |
| ✔ | ✔ | ✔ | ✘ |
| ✔ | ✔ | ✘ | ✔ |