User access rights in D2000 system are set up for users via so-called object groups. They can be created in the process D2000 CNF and then assigned to individual operators. For access to an object group, it is possible to define the access right level: Read, Control, Modify and No access. The lowest access priority has the level Read, the highest level has No access.
|Access right level||Access to system objects|
|Read||Access to values of the objects.|
|Control||Change of values of the objects.|
|Modify||Change of the object configuration (via the process D2000 CNF, editing pictures in the process D2000 GrEditor, etc.).|
|No access||No access to the objects.|
As one object can be a member of several groups, a situation when the user has various access right levels to the particular object can occur. In such case, the access level with the highest priority is applied.
Example - object's membership in several groups with various access right level
The station Station01 with its children (all the I/O tags whose parent is the station) is a member of the group GroupA with the access right level Control defined. A child of the object Station01 - the I/O tag Point is a member of the group GroupB with the access right level No access. Then the access to the object Point is denied for the user.
Object group is defined by its name and description. The content of the object group is the list of objects, that belong to it.