11.1. Security Role

The security architecture in IntegraXor SCADA uses Role-Based Access Control (RBAC). The user admin should start the design by defining the security roles as a whole. For instance, a simple security hierarchy in a factory can be split into Engineer, Supervisor, Technician and Operator. The defined roles can then be associated with individual tags or databases for data integrity, with a Screen for page visibility, or with an Action for control operations.

As many roles can be added as the system requires. A user can be assigned one or more roles, and the same role can be applied to multiple users. Take care when adding a role to a tag, as that will restrict access for guests. Putting a role on a user is like granting a key; putting a role on a tag or database adds a lock to the associated equipment. The two must match in order to pass security authentication.

Security Access based on Role/Area Control

Each security role can be granted a maximum concurrent login and a maximum concurrent write. The Level can be used if hierarchy control is involved. The configured value for maximum concurrent login determines the maximum allowable logins for a particular role. If a role carried by a user has reached the limit, login will be prohibited. However, for a user assigned multiple roles, login is permitted when at least one of the roles has not reached its login limit. Maximum concurrent write, in turn, limits the distribution of write permissions for a particular role. When the limit is reached, the user will not attain write permissions for that role. Normally a lower concurrent value should be set to avoid conflicts in control operation.

When a user logs into the system, the user carries all the access rules defined by the role. Since access permissions are not assigned directly to the user, managing individual user rights becomes a matter of simply assigning appropriate roles to the user's account. This simplifies common operations, such as adding a user or changing a user's department/location.
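The login limit, write limit and key-and-lock matching described above can be traced in a small model. This is an added example, not IntegraXor code or its API: the class and function names are hypothetical, and it assumes that a role already at its login limit is simply left out of the session and that matching any one role on an item is enough to pass.

```python
# Added illustration: a model of the rules in this section, not IntegraXor code.
from dataclasses import dataclass, field

@dataclass
class Role:
    name: str
    max_login: int      # maximum concurrent login
    max_write: int      # maximum concurrent write
    logins: int = 0     # sessions currently holding this role
    writers: int = 0    # sessions currently holding write permission for it

@dataclass
class Session:
    user: str
    roles: set = field(default_factory=set)        # keys carried by this session
    write_roles: set = field(default_factory=set)  # keys that also got a write slot

class RoleModel:
    def __init__(self, roles, user_roles):
        self.roles = {r.name: r for r in roles}
        self.user_roles = user_roles               # user name -> set of role names

    def login(self, user):
        held = [self.roles[n] for n in sorted(self.user_roles.get(user, ()))]
        free = [r for r in held if r.logins < r.max_login]
        if held and not free:
            return None                            # every role is at its login limit
        session = Session(user)
        for r in free:                             # assumption: full roles are skipped
            r.logins += 1
            session.roles.add(r.name)
            if r.writers < r.max_write:            # write slot still available?
                r.writers += 1
                session.write_roles.add(r.name)
        return session

    def logout(self, session):
        for n in session.roles:
            self.roles[n].logins -= 1
        for n in session.write_roles:
            self.roles[n].writers -= 1
        session.roles, session.write_roles = set(), set()

def allowed(session, locks, write=False):
    """locks: roles placed on a tag, database, screen or action (the lock)."""
    if not locks:
        return True                                # no role on the item: guests pass
    if session is None:
        return False                               # guest meets a locked item
    keys = session.write_roles if write else session.roles
    return bool(keys & set(locks))                 # assumption: any one match passes
```

With Engineer limited to one login, a second Engineer-only user is refused, while a user holding both Engineer and Operator still gets in on the Operator role alone and therefore cannot open items locked with Engineer.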

Note

Formerly, Role was called "Label". It was renamed to "Role" to describe the context better.