Associate a Windows user group with a role.

Hi All,

I am facing issue while using the windows users groups with a role. I just want to give Runtime access to the operator & for Engineer/Manager I want to give the access of plant SCADA studio also.

These roles working fine in Runtime(SCADA) but I want to keep restriction over the studio so only engineer can open the application for development etc.

Top Replies

Jacky Lang over 1 year ago +1

Hi M Norman, If you use the version of 2020 R2 (8.3) or later, there are some Windows user groups that are created by Plant SCADA installer. These groups are configured in Configurator. In your case…

Leland Johnson over 1 year ago

M Noman,

That is done in Windows, using either modifications to the registry or through Group Policy. There are actually several different ways you can go about it, depending on how your Windows machine is configured regarding the Group and User distribution on the machine you want to limit. It is not something to be done in Citect/AVEVA. I do it on my builds via Group Policy, by limiting what applications Non-Administrative accounts can run. It can get moderately complicated; so I would suggest searching on some of the below, possible google searches . . .

1) "restrict users from running specific applications"

2) "restrict users from running specific applications group policy"

3) "restrict groups from running specific applications"

4) "restrict groups from running specific applications group policy"

I googled term 2) and got back a good amount of hits for applicable tutorials. There are many different ways to get done what you want to do. You just have to spend a little time sifting through the different available methods in order to determine which approach is best for your particular setup.
Cancel
Vote Up -1 Vote Down

Sign in to reply

Cancel

Jacky Lang over 1 year ago

Hi M Norman,

If you use the version of 2020 R2 (8.3) or later, there are some Windows user groups that are created by Plant SCADA installer. These groups are configured in Configurator. In your case, you should add the users with the Engineer role to both groups SCADA.ConfigUsers and SCADA.RuntimeUsers and add the users with the Manager/Operator role to SCADA.RuntimeUsers only.

Please refer to more information from Help below.

Security Role	Description
Configuration Users	Members of this role can run configuration tools (such as Plant SCADA Studio or Computer Setup Wizard) and start the runtime display client and server processes. Note: It is recommended that members of this role only start runtime for development purposes and not in a production system environment.
Runtime Users	Members of this role can run the runtime display client and make local CtAPI connections. Note: Any Windows^® user account that has to start runtime needs to be assigned to this role. See Add the Required Users to the Runtime Users Role.
Server Users	Members of this role can run Plant SCADA as a server process. If you are not running Plant SCADA as a service, add a member to this role who needs to run a Plant SCADA server (including a display client with [CtAPI]Remote enabled).

Security Role

Description

Configuration Users

Members of this role can run configuration tools (such as Plant SCADA Studio or Computer Setup Wizard) and start the runtime display client and server processes.

Note: It is recommended that members of this role only start runtime for development purposes and not in a production system environment.

Runtime Users

Members of this role can run the runtime display client and make local CtAPI connections.

Note: Any Windows^® user account that has to start runtime needs to be assigned to this role. See Add the Required Users to the Runtime Users Role.

Server Users

Members of this role can run Plant SCADA as a server process.

If you are not running Plant SCADA as a service, add a member to this role who needs to run a Plant SCADA server (including a display client with [CtAPI]Remote enabled).