Read-Only Client
With the Authorization Control Plug-in attached to a client a Read-Only mode can be configured. The permissions are checked and enforced following the workstation settings in the plug-in.
In the read-only client the user rights assigned to user groups are reduced for work stations which have a reduced permission set defined in the workstation list of WinCC OA in the System Management. These settings are interpreted in the Authorization Control Plug-in on the client side.
Example: Via the permission settings the permissions for a selected client workstation where a user group typically has high permissions (e.g. administration rights), can only open (visualize) panels on such workstations with reduced permissions.
To enforce the workstation settings the user must login via the login panel.
Configuration Read-Only-Client
- Set the standard authorization on the "Views" tab of the authorization check plug-in wizard to "Read".
- Create the desired view via the plant model editor. In this example the views created via the example are used.
- For this example, the user group "para" is used as an example. The group has the first five authorization bits.
- Open the user administration and the workstation authorization via the System Management panel -> Permission -> User Administration -> Workstation button. Configure the work station authorization by specifying the host name of the work station and assigning the first two bits to all user groups (*). Set the rest of the bits to 0.
In this configuration on the work station with the name BC1A10LN the two bits are assigned to each user group. This means that the rights of the group "para" were reduced on the work station "BC1A10LN". Since the first bits were not specified for the views via the authorization check plug-in wizard, no views are assigned to this work station. Therefore, the default permission is used for each data point and the work station "BC1A10LN" is a read-only client. Also the client "LN5D" is made a read-only client.