User authentication
The WinCC OA user authentication will be used during the login to the Excel Report if it's specified in the general options for the host that the WinCC OA login shall be active. I.e. any user who wants access to this host via the Excel Report must exist in the WinCC OA project and know the login information.
The authorization of a user in WinCC OA will affect the management function (i.e. configuration) and visibility of protocols of other users. Since the authorization is specified in WinCC OA, it's easy to apply changes by a CTRL script.
Preparations by the administrator
The checkbox "WinCC OA login" must be active in the general options for a particular host so that the user authentication is effective for that host.
If the Excel report is started with the environment variables ER_LOGIN = user_name, ER_PWD = encrypted_password, it runs without any further login query.
Therefore, the validity of the login is verified via the internal ExcelReport data point (data point type _report) and a related control script in WinCC OA is checked. If the environment variable is not set or the login is invalid, a login window will be displayed. The user has to authenticate with its WinCC OA login data. This will verify the global permissions of the user.
Global (area-independent) permissions
Those permissions mainly refer to management functions (control during a call) and must be defined via "user administration" in the system management.
Via the Settings Management you can enter the following setting names (refer to "Value Table - Permissions" in _Report). They have to be created as global and with default values, however, they can be modified for each user in the user settings management. The settings will be passed to the internal data point _Report via a control script automatically.
Setting | Type | Value example | Description |
---|---|---|---|
ExcelReport_edit_template | bool | TRUE | Templates editable/ Create Templates |
ExcelReport_upgrade_template | bool | TRUE | Update Templates |
ExcelReport_shortcut | bool | TRUE | Quick selection can be used |
ExcelReport_scheduler | bool | TRUE | Scheduler can be used |
ExcelReport_recipients | bool | TRUE | Mailing lists can be used |
ExcelReport_options | bool | TRUE | Options can be set |
ExcelReport_read_archive | bool | TRUE | Archive structure readable |
ExcelReport_edit_basevalues | bool | TRUE | Basic values editable |
ExcelReport_edit_costs | bool | TRUE | Costs editable |
All these setting names must be specified as type boolean and can be set to TRUE or FALSE individually for each user.
Permission | bit |
---|---|
templates configuration | |
creating / modifying/ saving | 1 |
upgrading | 2 |
protocol parameterizing | |
setting quick selection | 3 |
setting time table | 4 |
setting mailing list | 5 |
protocol configuration | |
setting options | 6 |
importing structure data | 7 |
editing base values | 8 |
The execution of the schedule is independent of the permission control of the current user. The administrator has the responsibility for correct entries of possible changes to the permissions.
Area-dependent permissions
The area permissions must also be entered global in the Settings Management before you can modify them for each group and automatically pass them to the internal data point _Report by the control script.
Therefore, you have to enter the following setting names:
ExcelReport_new_protocol
ExcelReport_edit_protocol
They must be specified as type string. The entries for the settings must be entered like this:
<area>,<permission 0|1>
There are two different permissions:
permission | bit |
---|---|
protocol | |
creating | 1 |
editing | 2 |
The permitted areas of a template are read out of the management of the quick selection. There are only those protocols displayed, for which the user has the area permission.
Area selection of a template
When creating a new template, the selection of the permitted area will be queried (multiple selection). This will be saved in the template configuration (as an index in the area list). The list of all areas will be provided by the control script in the internal data point. Index 0 means that all areas are provided.
Because of indexing, a subsequent change of the areas will affect all previously created templates.
Example
-
Open the user management panel through the system management.
-
Click on the settings management button.
-
Add the settings described at the beginning of this chapter and close the panel.
-
In the panel user administration, click the Administrate Areas button.
-
Create the areas for your groups.
-
In the panel user administration, click on Administrate groups.
-
Create the groups for your users (for example, groupA and groupB).
-
Add the areas for the groups, for example, areaA for groupA.
-
Add permissions using the button with the same name.
-
Then select a group, for example, groupA and click on the Settings button. The Define Settings Panel is opened. Add all the settings as shown in the figure below.
-
Change the values for the entries ExcelReport_edit_protocol and ExcelReport_new_protocol to:
areaA, 1
areaB, 0
and conversely. It is possible to restrict the rights of the groups so that they cannot edit costs or open the options by setting values to FALSE. Close the panel.
-
In the user administration panel, click on Add. Add your users, for example, userA and userB and add groups for the created users.
-
Open the Excel report through the System Management panel -> Reports tab.
-
Activate the macros.
-
Select "WinCC OA Login active" from AddIns- Report - Configuration - Option and click OK.
-
Enter a user name and the password for the user, for example, userA.
-
Select Archive Structure from Report - Configuration menu.
-
Create a new template for your project and select the areas for the logged in user (the logged in user is shown in the table in the upper left corner)