An administrator can create as many users as required, each with a different set of roles. A user's role can be seen as a user group in a security context. In configuration, a SCADA operation user can be created, setting the initial password, expiry date and/or session. If this instance is set to a value of one (1), then login from multiple locations is prohibited.

Once a user is created, security roles can then be granted as required. Note that multiple roles can be assigned to a single user by using a comma as the separator. Furthermore, the IP can be associated with each role for a specific user for tighter security control. A single * refers to login from any location, and 192.168.1.* allows login from any IP starting with 192.168.1. Multiple IP addresses can be entered by separating them with commas.

Any number of roles can be associated without restriction, but each role will only be granted at the login location specified, unless it is entered as *. This means any data or content protection associated with the role is only accessible when the user logs in from the associated location. For instance, the admin or system security planner may want to allow an Operator to start a pump from the site control room but only check the pump status from an office terminal; a Supervisor is allowed to start a pump from both site and office but can only check the pump status from home; and an Engineer may be allowed to start a pump from all 3 locations.
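The per-role IP matching described above, as an added example (not the product's own code). The role names, user names and addresses are constructed, and matching is done octet by octet so that 192.168.1.* does not also match 192.168.10.x, which a plain string-prefix check on "192.168.1" would.

```python
import ipaddress

# Constructed locations for the Operator / Supervisor / Engineer scenario.
SITE, OFFICE, HOME = "10.10.1.*", "192.168.1.*", "203.0.113.25"

# Hypothetical layout: user -> {role: comma-separated allowed IP patterns}.
USERS = {
    "operator":   {"pump_control": SITE,
                   "pump_status":  f"{SITE},{OFFICE}"},
    "supervisor": {"pump_control": f"{SITE},{OFFICE}",
                   "pump_status":  f"{SITE},{OFFICE},{HOME}"},
    "engineer":   {"pump_control": f"{SITE},{OFFICE},{HOME}",
                   "pump_status":  "*"},
}


def ip_matches(pattern: str, client_ip: str) -> bool:
    """Match one pattern: '*', an exact IPv4 address, or a form like 192.168.1.*"""
    try:
        # Reject anything that is not a well-formed IPv4 address, even for '*'.
        octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    except ValueError:
        return False
    pattern = pattern.strip()
    if pattern == "*":
        return True
    parts = pattern.split(".")
    if len(parts) != 4:
        return False  # malformed pattern grants nothing
    # Compare whole octets, so "1" never matches "10".
    return all(p == "*" or p == o for p, o in zip(parts, octets))


def granted_roles(user: str, client_ip: str) -> list[str]:
    """Roles the user actually holds when logging in from client_ip."""
    roles = USERS.get(user, {})
    return sorted(
        role for role, patterns in roles.items()
        if any(ip_matches(p, client_ip) for p in patterns.split(","))
    )


if __name__ == "__main__":
    for user, ip in [("operator", "10.10.1.20"), ("operator", "192.168.1.44"),
                     ("operator", "192.168.10.44"), ("supervisor", HOME)]:
        print(f"{user:<10} from {ip:<15} -> {granted_roles(user, ip)}")
```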
Specifying IP Address into
shall greatly enhance SCADA security by blocking intrusion from unknown locations, especially for a SCADA system that is open to Internet access. For instance, a standalone SCADA system should be entered with 127.0.0.1 so that no remote client is allowed, and a system for local area network access only should be entered with the same range of IPs, such as 192.168.1.*. If the system is meant for Internet access, the administrator should check the country IP ranges to restrict access to the administrator's own country and any other countries that may be needed.

The
in User entry should be avoided, as it is deprecated and is kept for legacy support only.