Authorizing and Archiving Concept
Authorizing Concept
Each user who makes changes to a datapoint (object), needs the corresponding authorization level. The access privilege also provides protection against unauthorized access of a user or a whole user group.
The authorization concept is based on the WinCC OA user administration:
- Authorization levels - see WinCC OA Online Help "System management -> Authorizations -> Authorization levels"
- Area administration - see WinCC OA Online Help "System Management -> Authorizations -> Areas"
The following authorization levels are used:
Bit | Authorization level |
---|---|
1 | Visualization - only visualization is allowed. |
2 | Normal operator authorization - permits the opening of child panels. |
3 | Advanced operator authorization - permits the execution of commands, explicit setting of replacement values, input of correction values as well as changes to all value range types. |
4 | Administration - permits the use of GEDI and PARA. |
5 | Acknowledgement - permits acknowledgment of alerts. |
Note that at least bit 1 is required for the visualization and opening of panels through bit 2.
Additionally, areas for each object can be defined separately, whereby a project-specific authorization is possible.
For each object (WinCC OA datapoint) the admissible area can be defined in the Objekt.general.area datapoint element.
If the area administration is used (set area on the "area" datapoint element), the authorization is verified via the getUserPermissionForArea() function - otherwise via the getUserPermission() function. For information on these functions, see WinCC OA Online Help.
Archiving Concept
The BACnet Addon does not define or preconfigure any archiving. Archiving configs can be added by the user using master data points on the properties needed.