User - configuration dialog box
Configuration of user's parameters is being performed in the following dialog box.
The configuration dialog box consists of three basic parts (tabs):
User's full name, which will be always displayed in the titles of process windows. (Required parameter).
If the option is checked, the defined user is an administrator. Administrator has the access rights to all objects of D2000 system and can carry out all the parameters in the part Enabled actions are enabled (he/she can carry out all the actions). Normally, only administrator can log in to configuration processes of D2000: Application Manager, CNF, GrEditor, System Console, Tell. This setting can be changed by application parameter AllowNonAdminConfLogin.
If the option is checked, the user's logon to all D2000 processes is not allowed.
If the checkbox is checked, the user's definition will be limited by the date entered in the spin box placed right from this checkbox. After expiration of the date, the system will deny to logon the user.
Timeout logoff is given in minutes. If the user is not carrying out any actions in process D2000 HI within this time, he/she will be automatically logged off.
Enable empty password
If the checkbox is checked, the user need not any password for access to individual processes of D2000 system - only to enter the user's name (not full name). Logon is required only to client processes with user interface - D2000 HI, D2000 GrEditor and D2000 DDE Server.
Max. expiration time [days]
If the option is checked, the password validity is limited by the number of days entered in the spin button placed right. After expiration of this password validity, the user is called to change the password for 5 times. If he does not change it, the next logon will be denied. In the spin button Limited to, there is displayed information about the last day of the defined password validity.
Each user can change his/her password via the dialog box in process D2000 HI. After any password change, the password validity will be adjusted automatically to the date increased by the number in the parameter Max. expiration time.
During entering the new name and password, it is necessary to enter the same password twice - into the input fields Password and Confirmation to confirm the correctness of the password.
Change password at login
If the option is checked, given user will be forced to change his/her password at next logon into process D2000 HI. After changing the password, D2000 Server will automatically uncheck the option Change password at login (the change of password will not be necessary at next logon). If given user is currently logged on into process D2000 HI, he/she will be automatically logged off from the process. This feature works also in D2000 Thin Client.
User delimits external reference
If the option is checked, the system will generate a warning when user tries to rename or delete the object on which the user has rights.
This option is useful when the value of some object is read/set through the process D2000 GateWay Server or D2000 OPC Server. Both processes refer to object by name (without reference integrity), hence to rename or delete the object can be dangerous. If these "delimits external references" are accessible to the user, the system will generate a warning when user tries to rename or delete the object. This attribute does not influence the other parameters of object.
Allow to configure objects of User type
This option is useful only for user with administrator rights (option Administrator in the configuration dialog window). The administrator allows to configure the objects of User type, he can create, edit, rename and delete the other users. If the logged on user is not administrator he can only read these objects.
The checkbox Composition allows to choose a graphic information window (picture, graph) or composition of windows. The selected object will be opened on HI process desktop always after correct user's logon.
Definition of up to eight objects, that the user can open (start) from process D2000 HI using command buttons in the toolbar or keyboard shortcuts (CTRL+1 up to CTRL+8).
These objects may be the following types:
- Command file
Enabling or disabling of some special operations for the user in HI process environment. Enabling (or disabling) will show (hide) the particular item in the menu of the process D2000 HI after user's logon.
- Print - print graphs, and pictures.
- Edit archive - edit the archive - modify, delete, and insert values into the archive database.
- View archive - the subset of Edit archive: browse historical values using HI process facilities.
- HI Parameters - configuration of the HI process parameters.
- Stop HI - stop the process D2000 HI.
- Conf. of G, C, R - configuration of:
- Open G, C, R - open individual objects by means of the menu Open in Hi process environment.
- Edit dictionary - enables editing the Dictionary
- Structures - select structures from the list and then browse/modify it
- Alarms - open the list of Alarms.
- Logging - browse the log database.
- External tools - configuration of external tools.
- View TC - browse Time channels.
- Browser - open Browser.
- Macros - configuration of User macros.
- Open Pictures - open individual picture objects by means of the menu Open in Hi process environment.
Selection of permitted authentication methods. As a default, only D2000 method is permitted (verification of name and password which have been configured in this dialog box). Other methods (NTLM, Kerberos, TCL, RFID) are disabled. To use other authentication methods than the default one you must enable the method to selected/all users through the configuration parameters of D2000 Server process.
The checkbox TCL also enables/disables to log on the user through a web browser in the thin client environment.
This parameter is mandatory for NTLM, Kerberos and TCL authentication. In all cases after the successful verification of user's identity by the Windows authentication subsystem (NTLM/Kerberos) it is also verified that the user is logged into the domain with the same name as the value of parameter Domain (comparison is case-sensitive). If the domain name is different, the logon will fail and the log of process D2000 Server will contain the error message similar to this one:
Authentication: error in domain - expecting Ipesoft, found IPESOFT
Group of objects
User's access to individual object groups is defined in the tab Object groups.
Clicking the button will display the selection windows containing the list of all object groups. Functional buttons in the selection windows will add the selected group (or selection) into the list of user's object groups. The groups already added are grey.
The button will remove the selected object groups from the user's configuration.
The button sets the access right Read for the selected groups.
The button sets the access right Control for the selected groups.
The button sets the access right Modify for the selected groups.
The button sets the access right No access for the selected groups.