System Privilege Reference for Developers
For programmers: Every general privileges has an index number starting at -1. User privileges have an index number, starting at 16. The index number can be seen in the Privileges dialog, available from the security menu.
--Administration--
Administrator Privilege
| Scope |
Security-related |
| If Granted |
Provides operators the ability to change the application-wide administrative security settings using the Administrative Settings dialog.
Required for operations that modify Roles. |
| Notes |
Administrative settings that may be modified by operators granted the Administrator privilege include:- Change the auto-logoff time period. All operators will automatically be logged off of their user account if the application is left idle for the amount of time specified.
- Change the minimum length permissible for passwords.
- Suppress and reveal general privileges in all other security dialogs.
- Add and modify custom privileges.
|
Configure Privilege
| Scope |
Application Configuration |
| If Granted |
Enables access to the Application Configuration dialog.
Enables access to the Import File Changes button in the VAM.
Enables access to the Remove button in the VAM.
|
| Notes |
Even with configuration privileges, an operator will not have full access to the tools in the dialogs noted. See the following list of related privileges that are required for full configuration rights. |
| Related Privileges |
Tag Add/Copy Privilege
Tag Modify Privilege
Tag Delete Privilege
Edit Files Privilege
Deploy Changes Privilege
Revert Changes Privilege
Page Add Privilege
Page Delete Privilege
Page Modify Privilege |
--Account Control--
Manager Privilege
| Scope |
Security-related |
| If Granted |
Enables operators to add, copy, modify, and delete user accounts, and manage privileges for these user accounts. |
| Notes |
Your application must always include at least one account with the Manager privilege for the purposes of maintaining security accounts for your application.
If you wish to modify Roles, you must possess the Administrator privilege in addition to the Manager privilege. |
Account Modify Privilege
| Scope |
Security-related |
| If Granted |
Enables operators to change their own passwords using the Accounts dialog. |
| Notes |
When you configure your operator accounts, you may choose to enter a temporary, generic password (such as the operator's first name), and grant the Account Modify privilege to these accounts. Operators may then logon to their accounts and modify their temporary password to one that is secure.
This privilege is not needed when operators are required to change an expiring password. |
Account View Privilege
| Scope |
Security-related |
| If Granted |
Enables operators to view (but not modify) their own privileges using the Accounts dialog. |
| Notes |
The Account View privilege provides read-only access to a list of the user's privileges. |
Thin Client Access Privilege
| Scope |
Thin Clients |
| If Granted |
Enables remote users without VTScada installed to access a VTScada application running on a VTScada Thin Client Server. |
| Notes |
The Thin Client privilege is only pertinent to those VTScada installations that have also purchased a view-only or control-capable VTScada Thin Client Server license.
|
Remote Data Access Privilege
| Scope |
Thin Clients |
| If Granted |
Enables remote users without VTScada installed to access data data via SOAP or REST |
| Notes |
|
--Application Control--
Application Stop Privilege
| Scope |
Application Operation |
| If Granted |
Enables operators to stop an application. |
| Notes |
VTScada will not shut down while an application is running. |
Application Manager View
| Scope |
Application Configuration |
| If Granted |
When the property HideWAM is true, only accounts that possess this privilege may view the VTScada Application Manager. |
| Notes |
Has no effect until HideWAM (HideVAM) is set to true. |
--Version Control--
Advanced Version Control Privilege
| Scope |
Application Configuration |
| If Granted |
Enables operators to use the Version Control dialog to change or revert versions. Note that Version Control is only available if your VTScada license includes it. |
| Related Privileges |
Deploy Changes Privilege
Revert Changes Privilege |
Deploy Changes Privilege
| Scope |
Application Configuration |
| If Granted |
Determines whether local changes can be made part of the application's working set of files. Additionally, deployed changes are distributed to all workstations running the application. |
| Notes |
The Deploy Changes dialog is found in the Application Configuration dialog.
If the Auto-Deploy option is selected, as it is by default, then the Deploy Changes button is not used. |
| Related Privileges |
Configure Privilege
Advanced Version Control Privilege
Edit Files Privilege
Revert Changes Privilege |
Revert Changes Privilege
| Scope |
Application Configuration |
| If Granted |
Enables operators to roll back changes that have not been deployed. |
| Related Privileges |
Configure Privilege - The Application Configuration dialog cannot be accessed without the Configure privilege. Therefore, the Configure privilege and the Revert Changes privilege must be granted together.
Advanced Version Control Privilege
Edit Files Privilege
Deploy Changes Privilege - If the Auto-Deploy option is selected, as it is by default, then there will be no undeployed local changes to revert. |
--Application Configuration--
Edit Files Privilege
| Scope |
Application Configuration |
| If Granted |
Enables operators to use the Import File Changes dialog, and to manage files in the File Manifest. |
| Notes |
Files that have been changed outside of the VTScada user interface must be imported to become part of the set of working files. The File Manifest enables users to add or remove files that are not mandatory parts of an application. |
| Related Privileges |
Configure Privilege
Revert Changes Privilege
Deploy Changes Privilege |
Page Add Privilege
| Scope |
Application Configuration |
| If Granted |
Enables users to create new pages and widgets using the Idea Studio. |
| Notes |
Granting the Page Add privilege enables the Add button in the Pages context menu. |
| Related Privileges |
Page Delete Privilege
Page Modify Privilege
|
Page Modify Privilege
| Scope |
Application Configuration |
| If Granted |
Allows a user to modify existing pages using the Idea Studio. |
| Notes |
This privilege must be granted before a user may open the Idea Studio. |
| Related Privileges |
Page Add Privilege
Page Delete Privilege
|
Page Delete Privilege
| Scope |
Application Configuration |
| If Granted |
Gives users the ability to delete pages and widgets using the Idea Studio. |
| Notes |
Granting the Page Delete privilege enables the Idea Studio's page or widget delete button. |
| Related Privileges |
Page Add Privilege
Page Modify Privilege
|
Parameter View Privilege
| Scope |
Application Operation |
| If Granted |
Enables operators who do not have the Tag Modify privilege to view the properties of tags. Operators can right-click any basic I/O tag's widget, and select the Properties shortcut menu item. The tag properties folder will open.
Enables operators who do not have the Tag Modify privilege to create, edit and delete Roster contacts.
|
| Notes |
Adds nothing if the operator has the Tag Modify privilege. |
| Related Privileges |
Tag Modify |
Tag Add/Copy Privilege
| Scope |
Application Configuration |
| If Granted |
Enables operators to add new tags or copy existing tags using the Tag Browser. |
| Related Privileges |
Tag Modify Privilege - Operators must also have the Tag Modify privilege to configure the new tag they are adding.
Tag Delete Privilege - If you want to let users remove tags from your application, you may additionally grant the Tag Delete privilege. |
Tag Modify Privilege
| Scope |
Application Configuration |
| If Granted |
Enables operators to modify the properties of new and existing tags using the Tag Browser. |
| Related Privileges |
Tag Add/Copy Privilege
Tag Delete Privilege |
Tag Delete Privilege
| Scope |
Application Configuration |
| If Granted |
Enables operators to delete tags using the Tag Browser. |
| Related Privileges |
Tag Add/Copy Privilege
Tag Modify Privilege |
Manage Tag Types
| Scope |
Application Development |
| If Granted |
Enables developers to use the Redefine Type button in the Tag Browser and use the Manage Types dialog in the Application Configuration dialog. |
| Notes |
The Redefine Type button can be extremely dangerous. This privilege should be granted only to experienced developers. |
--Alarm Operations--
Alarm Acknowledge Privilege
| Scope |
Alarm Management |
| If Granted |
Enables operators to acknowledge alarms while silencing the sounding audio alarm siren by clicking the Ack or Ack All buttons in the Actions button panel on the Alarm page. |
| Notes |
Without the Alarm Acknowledge privilege, the Ack and Ack All buttons in the Actions panel on the Alarm page are disabled. |
| Related Privileges |
Alarm Mute
Alarm Silence |
Alarm Disable Privilege
| Scope |
Alarm Management |
| If Granted |
Enables operators to disable alarms in the event that equipment needs to be disconnected, or must undergo maintenance. |
| Notes |
Disabling an alarm results in the suspension of any alarm signals from the selected equipment until the alarm is enabled. As a result, you should grant the Alarm Disable privilege with caution, and instruct operators on the proper method of disabling and enabling alarms. |
| Related Privileges |
Tag Modify Privilege |
Alarm Mute Privilege
| Scope |
Alarm Management |
| If Granted |
Enables operators to mute alarm sounds by clicking the Mute button on the Alarm page. |
| Notes |
Without the Alarm Mute privilege, the Mute button in the Actions panel on the Alarm page is disabled. |
| Related Privileges |
Alarm Acknowledge
Alarm Silence
Alarm Shelve |
Alarm Silence Privilege
| Scope |
Alarm Management |
| If Granted |
Enables operators to silence alarm sounds by clicking the Silence button on the Alarm page. |
| Notes |
Without the Alarm Silence privilege, the Silence button in the Actions panel on the Alarm page is disabled. |
| Related Privileges |
Alarm Acknowledge
Alarm Mute
Alarm Shelve |
Alarm Shelve Privilege
| Scope |
Alarm Management |
| If Granted |
Enables operators to shelve alarms, leaving them enabled but deactivating all notifications. |
| Notes |
A shelved alarm will still be triggered and logged, but will not be shown in the list of current alarms and will not activate any notification features. |
| Related Privileges |
Alarm Silence
Alarm Mute |
--Tag Operations--
Manual Data Privilege
| Scope |
Application Operation |
| If Granted |
Enables operators who do not have the Tag Modify privilege to enter manual data for input and status tags, to override the value being reported for the tag from the I/O device.
Enables operators who do not have the Tag Modify privilege to create, edit and delete Roster contacts. |
| Notes |
Adds nothing if the operator has the Tag Modify privilege. |
| Related Privileges |
Tag Modify Privilege
Parameter View
Questionable Privilege
|
Questionable Privilege
| Scope |
Application Operation |
| If Granted |
Enables operators who do not have the Tag Modify privilege to change the questionable flag on any tag. |
| Notes |
Does nothing if the operator has the Tag Modify privilege. |
| Related Privileges |
Alarm Disable
Manual Data Privilege
|
Control Outputs Privilege
| Scope |
Application Operation |
| If Granted |
Allows operators to write values to equipment using tags that are not otherwise protected by an application property. |
| Notes |
Granted to all default roles except Logged Off.
Managed by VTScada, and cannot be granted or denied. |
| Related Privileges |
|
--Historical Data--
Group Delete Privilege
| Scope |
Application Operation |
| If Granted |
Enables operators to delete pen groups from the Historical Data Viewer page.
Must also have the Group Modify privilege. |
| Related Privileges |
History Page Access Privilege
Group Save Privilege
Pen Modify Privilege |
Group Modify Privilege
| Scope |
Application Operation |
| If Granted |
Enables users to modify pen groups from the Historical Data Viewer page. |
| Related Privileges |
History Page Access Privilege
Group Delete Privilege
Group Save Privilege
Note Add |
Group Save Privilege
| Scope |
Application Operation |
| If Granted |
Enables operators to save new pen groups from the Historical Data Viewer page.
Must also have the Group Modify privilege. |
| Related Privileges |
History Page Access Privilege
Group Modify Privilege
Note Add
Pen Modify Privilege |
Note Add Privilege
| Scope |
Application Operation |
| If Granted |
Enables operators to add notes to selected notebooks from the Historical Data Viewer page. |
| Related Privileges |
History Page Access Privilege
Pen Modify Privilege
Group Delete Privilege
Group Save Privilege
|
Pen Modify Privilege
| Scope |
Application Operation |
| If Granted |
Enables operators to modify the attributes of the pens plotting data on the Historical Data Viewer page. |
| Related Privileges |
History Page Access Privilege
Group Delete Privilege
Group Modify Privilege
Group Save Privilege |
Edit Data Privilege
| Scope |
Application Operation |
| If Granted |
Enables operators to add override the data in the grid tab of the Historical Data Viewer |
| Related Privileges |
History Page Access Privilege
Group Delete Privilege
Group Modify Privilege
Group Save Privilege |
--Page Access--
Alarm Page Access Privilege
| Scope |
Application Operation |
| If Granted |
Enables operators to access the default VTScada Alarm page. |
| Related Privileges |
History Page Access Privilege
Reports Page Access Privilege
Map Page Access Privilege
Operator Notes Page Access Privilege
Sites Page Access Privilege
Group Delete Privilege
Group Modify Privilege
Group Save Privilege |
History Page Access Privilege
| Scope |
Application Operation |
| If Granted |
Enables operators to access the default VTScada Historical Data Viewer page. |
| Related Privileges |
Alarm Page Access Privilege
Note Add
Pen Modify Privilege
Reports Page Access Privilege
Map Page Access Privilege
Operator Notes Page Access Privilege
Sites Page Access Privilege
Group Delete Privilege
Group Modify Privilege
Group Save Privilege |
Thin Client Tools Access Privilege
| Scope |
VTScada Thin Client Connections |
| If Granted |
Enables advanced users to use an Internet connection to access the various debugging and analysis tools included with VTScada. |
| Notes |
The Thin Client Tools Access privilege applies to VTScada Internet connections only. |
| Related Privileges |
The Thin Client Access Privilege |
Thin Client Monitor Access Privilege
| Scope |
VTScada Thin Client Connections |
| If Granted |
Enables advanced users to view the Thin Client Monitor page within an application, if present. |
| Notes |
The Thin Client Monitor Access privilege applies to VTScada Internet connections only. Do not confuse with the Thin Client Monitor application. |
| Related Privileges |
The Thin Client Access Privilege |
Thin Client Monitor Admin Privilege
| Scope |
VTScada Thin Client Connections |
| If Granted |
Enables advanced users to view and operate the Thin Client Monitor page within an application, if present. |
| Notes |
The Thin Client Monitor Admin privilege applies to VTScada Internet connections only. |
| Related Privileges |
The Thin Client Access Privilege |
Maps Page Access Privilege
| Scope |
Application Operation |
| If Granted |
Enables operators to access the Map page.
|
| Notes |
No map will be shown to operators who do not have this privilege. |
| Related Privileges |
Alarm Page Access Privilege
Reports Page Access Privilege
Operator Notes Page Access Privilege
Sites Page Access Privilege
|
Operator Notes Page Access Privilege
| Scope |
Application Operation |
| If Granted |
Enables operators to access the Operator Notes page.
|
| Notes |
Applies only to the Operator Notes page, not to Operator Notes available through the HDV, Alarm Page, or custom widgets. |
| Related Privileges |
Alarm Page Access Privilege
Reports Page Access Privilege
Maps Page Access Privilege
Sites Page Access Privilege
|
Reports Page Access Privilege
| Scope |
Application Operation |
| If Granted |
Enables operators to access the default VTScada Reports page. |
| Related Privileges |
Alarm Page Access privilege
History Page Access Privilege
Maps Page Access Privilege
Operator Notes Page Access Privilege
Sites Page Access Privilege |
Sites Page Access Privilege
| Scope |
Application Operation |
| If Granted |
Enables operators to access the Sites page.
|
| Notes |
No site list will be shown to operators who do not have this privilege. |
| Related Privileges |
Alarm Page Access Privilege
Reports Page Access Privilege
Map Page Access Privilege
Operator Notes Page Access Privilege
|
| Scope |
Application Operation |
| If Granted |
Enables operators to access the Recipes page.
|
| Notes |
Use of the page requires the following related privileges. |
| Related Privileges |
|
| Scope |
Application Operation |
| If Granted |
Enables operators to modify recipe ingredients.
|
| Notes |
|
| Related Privileges |
|
| Scope |
Application Operation |
| If Granted |
Enables operators to start a recipe batch run.
|
| Notes |
|
| Related Privileges |
|
--Miscellaneous--
Global Tag & Area Filter
| Scope |
Application Operation |
| If Granted |
Enables operators to filter tag lists based on name or area. |
| Notes |
Granting this privilege enables the Global Tag & Area Filter button at the top of every page. With this, they can filter tag and alarm lists. |
| Related Privileges |
History Page Access
Alarm Page Access
Reports Page Access
|
Page Note Edit Privilege
| Scope |
Application Operation |
| If Granted |
Enables operators to add, modify and delete page notes. |
| Notes |
Granting this privilege enables the Page Notes button at the top of every page. No other configuration privileges need be granted for an operator to add or edit page notes. |
| Related Privileges |
Page Note Hide Privilege |
Page Note Hide Privilege
| Scope |
Application Operation |
| If Granted |
Enables operators to hide or display existing page notes. |
| Notes |
Granting this privilege enables the Page Note Display button at the top of every page. |
| Related Privileges |
Page Note Edit Privilege |
Trihedral and VTScada are registered trade marks of Trihedral Engineering Limited
© Trihedral Engineering Limited 1983- 2021 All rights reserved.
