Sie sind auf Seite 1von 46

Security Manager User Guide

Security Manager User Guide

Contents Page

Security Manager
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1:1
What is Security Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1:1
System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1:1
AVEVA Instrumentation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1:1
Guide Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1:2

Security Manager Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2:1


Security Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3:1
Select and Login to a Project . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3:1
Enable Basic Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3:4
Toolbar Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3:5
Create New Project . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3:5
Create SQL Server Project from Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3:6
Set Authentication Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3:9
Change the AVEVA Project Authentication Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3:11
Edit Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3:11
Import Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3:12
Changing the Administrator Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3:13
Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3:15
Add a New Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3:16
Edit a Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3:16

Copyright 2000 to current year. i 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide

Delete a Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3:16


Define Security Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3:17
Initial User Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3:17
Add a User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3:18
Edit a User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3:21
Delete a User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3:21
Add New User to SQL Server Project. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3:22
Define Object Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3:23
Setting Security on Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3:25
Define Area Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3:27
Set Area Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3:28
Set AI Reports Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3:30
Package Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3:31
Resolve Database Collation Conflicts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3:33

Copyright 2000 to current year. ii 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
AVEVA Instrumentation
Security Manager
User Guide
AVEVA Solutions Limited

Disclaimer
AVEVA Instrumentation provides instrument sizing calculations for estimation purposes only, end users of the
software should not rely on the calculations produced by the software for design purposes. End users should seek
the advice of certified equipment suppliers prior to specifying or purchasing equipment.

To the fullest extent permissible at law:

a) AVEVA does not warrant that the use of the AVEVA software will be uninterrupted, error-free or free from viruses;

b) AVEVA shall not be liable for: loss of profits; loss of business; depletion of goodwill and/or similar losses; loss of
anticipated savings; loss of goods; loss of contract; loss of use; loss or corruption of data or information; any
special, indirect, consequential or pure economic loss, costs, damages, charges or expenses which may be
suffered by the customer, including any loss suffered by the customer resulting from the inaccuracy or invalidity of
any data created by the AVEVA software, irrespective of whether such losses are suffered directly or indirectly, or
arise in contract, tort (including negligence) or otherwise;

c) AVEVA's total liability in contract, tort (including negligence), or otherwise, arising in connection with the
performance of the AVEVA software shall be limited to 100% of the licence fees paid in the year in which the
customer's claim is brought.

In the event of any conflict between the above clauses and the analogous clauses in the software licence under
which the AVEVA software was purchased, the clauses in the software licence shall take precedence.

Copyright
All intellectual property rights, including but not limited to, copyright in this manual and the associated software,
(including source code, object code, and any data) belongs to or is validly licensed by AVEVA Solutions Limited or
its subsidiaries.

All rights are reserved to AVEVA Solutions Limited and its subsidiaries. The information contained in this document
is commercially sensitive, and shall not be copied, reproduced, stored in a retrieval system, or transmitted without
the prior written permission of AVEVA Solutions Limited. Where such permission is granted, it expressly requires
that this Disclaimer and Copyright notice is prominently displayed at the beginning of every copy that is made.

The manual and associated documentation may not be adapted, reproduced, or copied, in any material or
electronic form, without the prior written permission of AVEVA Solutions Limited. The user may also not reverse
engineer, decompile, copy, or adapt the associated software. Neither the whole, nor part of the product described in
this publication may be incorporated into any third-party software, product, machine, or system without the prior
written permission of AVEVA Solutions Limited, save as permitted by law. Any such unauthorised action is strictly
prohibited, and may give rise to civil liabilities and criminal prosecution.

The AVEVA products described in this guide are to be installed and operated strictly in accordance with the terms
and conditions of the respective licence agreements, and in accordance with the relevant User Documentation.
Unauthorised or unlicensed use of the product is strictly prohibited.

Copyright 2000 to current year. AVEVA Solutions Limited and its subsidiaries. All rights reserved.

The AVEVA Instrumentation user interface is based on the Microsoft Office Fluent user interface.

Trademarks
AVEVA and Tribon are registered trademarks of AVEVA Group plc or its subsidiaries. AVEVA product names are
trademarks or registered trademarks of AVEVA Solutions Limited or its subsidiaries. Unauthorised use of
trademarks belonging to AVEVA Group plc or its subsidiaries is strictly forbidden.

Microsoft Office Fluent user interface. Fluent is a trademark of Microsoft Corporation and the Fluent user
interface is licensed from Microsoft Corporation. The Microsoft Office User Interface is subject to protection under
U.S. and international intellectual property laws and is used by AVEVA Solutions Limited under license from
Microsoft.

DevExpress redistributables are used by AVEVA under license from Developer Express Inc. Copyright 2000-
2014 Developer Express Inc.

AVEVA Solutions Ltd, High Cross, Madingley Road, Cambridge, CB3 0HB, United Kingdom.
Instrumentation Security Manager User Guide

Revision Sheet

Date Version Comments / Remarks


March 2012 Copyright added to all pages.
March 2013 12.1 SP1 Updates incorporated
August 2013 12.1 SP2 Updates incorporated
July 2014 12.1 SP3 Updates incorporated
Instrumentation Security Manager User Guide
Security Manager User Guide
Introduction

1 Introduction

The purpose of the AVEVA Instrumentation Security Manager User Guide is to help users
learn how the Security Manager application works. The guide describes the basic steps
required to add security users to an AVEVA Instrumentation project/database.
Refer to the System Requirements for running AVEVA Instrumentation Security Manager.

1.1 What is Security Manager


The Security Manager application enables an Administrator or Super User to set up access
and security rights on 'Objects' in an SQL Server database. The access rights are role
based and include read-write, read-only or a mixture of these rights. Furthermore, Security
Manager also supports 'no access' rights which will stop a user from viewing object data or
running a specific AVEVA Instrumentation application.
AVEVA Instrumentation 'objects' within Security Manager are Instruments, Cables,
Equipment, Datasheets, Drawings, Reports, Catalogues, and other logical items.
For example, the Security Manager Administrator could allow User A to edit cables and
equipment, but not edit datasheets. User B could be allowed read-only access to
everything. User C could be allowed to edit datasheets but not process data, User D cannot
open or view any AVEVA Instrumentation data, reports etc.
Access rights can also be defined on the basis of plant areas. Users may have access to
objects in some areas, but not to others.

Note: By default, AVEVA Instrumentation Security is disabled for all new AVEVA
Instrumentation databases. Security must be enabled from AVEVA Instrumentation
Security Manager.

1.2 System Requirements


For the minimum system requirements needed to run AVEVA Instrumentation, refer to the
Installation User Guide.

1.3 AVEVA Instrumentation


For an overview of AVEVA Instrumentation, its features and benefits, refer to the Common
Functionality User Guide.

Copyright 2000 to current year. 1:1 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Introduction

1.4 Guide Structure

Introduction an introduction to this document.

Security Manager an overview of Security Manager.


Features

Security Setup how to use Security Manager features.

Copyright 2000 to current year. 1:2 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Manager Features

2 Security Manager Features

The Security Manager application enables an Administrator or 'Super User' to setup access
and security rights on objects in an AVEVA Instrumentation SQL Server database. Security
Manager includes the following features:
Enable security on Security Manager 'objects', including application modules.
Allow users read-only access to all or only a subset of objects and areas.
Allow users read-write access all or only a subset of objects and areas.
Disable access to all or to a subset of objects and areas.
Security rights can be assigned to a specific user by name (the users login), or can be
controlled via a user-defined role name. For example, three roles may be set up:
1. Engineers
2. Designers
3. Technicians
All engineers working on the Security Manager project could be made members the role
'Engineers' and that role can be given read-write access to all Instruments and Datasheets,
but given read-only access to Drawings etc.
All designers working on the Security Manager project could be made members the role
'Designers' and that role can be given read-write access to all Cables, Equipment and
Drawings, but given read-only access to Datasheets etc.
Plant operations personnel may only requires read-only data access (i.e. they cannot make
design changes), therefore a 'Technicians' role would be given read-only access to all
Security Manager objects. With read-only access the user can still print reports.
Full, read-only and no access can also be set based on project plant areas. For example,
users with a specific role may be grant full access to some areas, read-only access to some,
areas and no access to others.

Note: By default, Security is disabled for all new SQL Server databases. To enable security
a user must run Security Manager and enable security.

The Security Manager Administrator can create new Users and Groups. Currently all
'Objects' are pre-defined and cannot be changed or new 'Objects' added.

Copyright 2000 to current year. 2:1 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Manager Features

Copyright 2000 to current year. 2:2 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

3 Security Setup

Refer to:
Select and Login to a Project
Enable Basic Security Settings
Toolbar Menu
Create New Project
Create SQL Server Project from Backup
Set Authentication Type
Edit Projects
Import Security Settings
Changing the Administrator Password
Groups
Define Security Users
Add New User to SQL Server Project
Define Object Security
Define Area Access Control
Set AI Reports Password
Package Projects
Resolve Database Collation Conflicts

3.1 Select and Login to a Project


When the Security Manager application is started, the Select an AVEVA Instrumentation
Project window is displayed.

Copyright 2000 to current year. 3:1 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

Note: The Select an AVEVA Instrumentation Project window is not displayed if only one
project exists. If only one project exists, this project is automatically selected and the
login/password window(s) are displayed (see below).

Note: Clicking New displays the Create a New AVEVA Instrumentation Project window.
Refer to Create New Project for further information.

Highlight a project in the list and click Select. The login procedure then depends on the
authentication type of the project (see Set Authentication Type).
If Windows Authentication (the default option) is the authentication method being used
for the project, the Login window is then displayed (see below).
If SQL Server Authentication is the authentication method being used for the project,
the SQL User Login window is displayed:

Enter valid SQL server login details and click OK. The Login window is then displayed
(see below).
If AVEVA Project Authentication is the authentication method being used for the
project, the Authentication Type window is displayed:

Copyright 2000 to current year. 3:2 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

AVEVA Project Authentication can only be used to authenticate user access to project
engineering modules. Therefore one of the other methods must be used when carrying
out a procedure that requires administrator rights, such as accessing the Security
Manager module for a project.
Select the required method and then click OK.
If Windows Authentication is selected, the Login window is then displayed.
If SQL Server Authentication is selected, the SQL User Login window is displayed as
described above. Enter the required details and click OK to access he Login window.
In the login window enter login details for a project user with administrator rights.

A default administrator user is automatically created for each project. If the default
administrator user login details have not been changed, the User Name is administrator
and the Password is Password.

Note: AVEVA recommend that the default password for the administrator is changed to
protect the integrity of Security Manager. Refer to Changing the Administrator
Password for further information.

Click Login to display the AVEVA Instrumentation Security Manager window.

Copyright 2000 to current year. 3:3 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

3.2 Enable Basic Security Settings


To enable Security Manager on the current project, click Settings in the left-hand pane and
then check the Security Enabled checkbox in the right hand pane.

Once security is enabled:


The access rights and restrictions assigned to users in Security Manager are enforced,
e.g. users will have read-only access to objects unless granted more extensive rights.
When a Windows user or an SQL user connects to an Engineering module, if that user
has not be added to the list of project users in Security Manager before, it is
automatically added then (see Define Security Users).

Copyright 2000 to current year. 3:4 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

By default, Security is disabled on all new Security Manager SQL Server databases to make
sure compatibility is maintained with earlier releases of Security Manager. If security is not
enabled, all users will have read and write access to all data.
When the Security Enabled checkbox is checked, the Grid Locks checkbox becomes
active. Checking the Grids Locks checkbox locks the data grids of the selected project,
preventing more than one user editing the same information at the same time. If another
user attempts to edit the same information, they are prevented from doing so, and a
message is displayed warning them that the information is currently being edited by another
user.

3.3 Toolbar Menu


The following options are available to the user from the main toolbar menu.

Project Used to Create New Project, Create SQL Server Project from
Backup, Add New User to SQL Server Project, Edit Projects,Set
Authentication Type, Package Projects, Set AI Reports Password
and Exit the application.

Tools Used to Import Security Settings, Resolve Database Collation


Conflicts and Change the AVEVA Project Authentication
Password.

Note: The Encrypt / Decrypt option is not relevant to AVEVA


Instrumentation. View AVEVA Electrical documentation for
details.

Help Used to open the help file and display the current version number.

Add Group Used to add a new security group. See Add a New Group.

Delete Group Used to delete an existing security group. See Delete a Group.

Add User Used to add a new user. See Add a User.

Delete User Used to delete an existing user. See Delete a User

3.4 Create New Project


To create a new project, select Project > Create New Project from the main menu bar to
display the Create a New AVEVA Instrumentation Project window.

Note: The Create a New AVEVA Instrumentation Project window is also displayed when
the user clicks New on the Select an AVEVA Instrumentation Project window.

Copyright 2000 to current year. 3:5 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

For details of how to create a new project, refer to the AVEVA Instrumentation Installation
Guide.

3.5 Create SQL Server Project from Backup


An SQL Server Project can be created from a backup by selecting Project > Create SQL
Server Project from Backup from the main menu bar to launch the Restore Wizard utility.

Note: The utility is designed to run on the computer that the SQL Server is installed on. All
the paths provided by the user must be to physical drives on the computer and not to
mapped drives.

Copyright 2000 to current year. 3:6 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

Select the backup file by either completing the field manually or by clicking Browse to
display the Select Backup File window.

Copyright 2000 to current year. 3:7 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

Navigate to, and highlight the required file and then click Open to return to the Restore
Wizard utility. The field will be populated with the selected file.
Click Next.
The next screen of the wizard is used to choose where the project is to be restored to, and
enter authentication details.

Complete the Server Name and Database Name fields with the required details.
In the Authentication section, select either Use Windows Authentication or Use SQL
Server Authentication as required.
Clicking Use SQL Server Authentication activates the User Name and Password fields
which the user must then complete with valid SQL server login details.

Click Next.
The next screen is used to specify the restore options

Copyright 2000 to current year. 3:8 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

Complete the Data File path and Log File path fields.

Note: If the path is the same for both fields, complete the Data File path field only. The
Log File path field will automatically default to the same path.

Both fields can be populated manually or by clicking the button to the right of the fields to
display the Browse for Folder window, enabling the user to navigate to the required path.
When both fields are populated, click Finish to complete the restore. When the restore is
complete a message is displayed in the bottom-left corner of the Restore Wizard utility
window, as follows:

3.6 Set Authentication Type


The authentication type for a project controls how user access to project modules is
validated.
By default, the Windows authentication type is selected when a project is created. If
required, it can subsequently be changed to either SQL Server authentication or AVEVA
Project authentication.

Note: The user login on the SQL Server must have a sysadmin role in order to change the
authentication type or the Project authentication password.

To change the authentication type, select Project > Authentication Type from the main
menu bar to display the Authentication Type window:

Copyright 2000 to current year. 3:9 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

Select the required authentication type from the window and click OK.
In AVEVA Project Authentication mode, while users will login to projects using project-
specific user names and passwords (see Add a User), they are all also automatically logged
into the SQL server using a single SQL user called IDOAdmin.
A password is required for this user if it has not already been specified. Therefore, if AVEVA
Project Authentication is selected, the following window is then displayed:

Enter the password and click OK.


If a password was previously specified for the IDOAdmin user, the following window is
displayed instead:

Enter the password and click OK.

Note: The ISOAdmin SQL user only has sufficient rights to provide users with access to
project engineering modules. Therefore when performing administrative tasks such
as creating and restoring projects and accessing the Security Manager module, one
of the other authentication methods must be selected.

Copyright 2000 to current year. 3:10 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

To change the AVEVA Project Authentication password, refer to Change the AVEVA Project
Authentication Password.

3.6.1 Change the AVEVA Project Authentication Password


The AVEVA Project Authentication password is set when the AVEVA Project authentication
is selected, as described in Set Authentication Type.
To change the AVEVA Project Authentication password, select Tools > AVEVA Project
Authentication > Change Password.
The Change Password window is then displayed:

Enter the current password, the new password, and the new password again to confirm it in
the fields provided, and click OK to complete the procedure.

3.7 Edit Projects


To edit a project, select Project > Edit Projects from the main menu bar to display the
Projects window.

The Projects window lists all the current projects.


To edit project details, click in a cell and manually change the content, or in the case of the
Database Type cells, select a type from a drop-down menu.

Copyright 2000 to current year. 3:11 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

To save changes, select a different cell from the one in which the last change was made and
then close the Projects window. If any changes were made, the Save window is then
displayed:

Click Yes to confirm the changes.

3.8 Import Security Settings


Security settings can be imported from another project. To import security settings, select
Tools > Import Security Settings. The following message is then displayed:

Click Yes to continue. The Select an AVEVA Instrumentation Project window is displayed.

Copyright 2000 to current year. 3:12 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

Select the required project in the list and click Select. The security settings from the
selected project then overwrite those of the current project.

3.9 Changing the Administrator Password


To change the Administrator Password, highlight Users in the left hand pane and double-
click on Administrator in the UserName column in the right hand pane.

The User window is then displayed:

Copyright 2000 to current year. 3:13 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

Enter a new password and click Save. The Password Confirmation window is then
displayed:

The user must confirm the new password by entering it again in the field and clicking OK. If
the passwords do not match, a message window will be displayed requesting that the user
try again.

Copyright 2000 to current year. 3:14 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

Click OK to return to the User window and re-try entering the passwords.

3.10 Groups
All AVEVA Instrumentation SQL Server seed databases have four default Groups pre-
created:

The four default Groups cover the common user types on any project: Instrument
Engineers, Instrument Designers, Process Engineers and a special 'Everyone' Group which
is the default Group for any user accessing the database.

Note: The Everyone Group provides only read-only access by default.

Each of these Groups has pre-set or default access rights to various Security Manager
objects based on typical project requirements. These access rights can be modified by a
Security Manager Administrator. Refer to Setting Security on Objects.

Copyright 2000 to current year. 3:15 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

3.10.1 Add a New Group


To add a new Security Group to the database, highlight Groups in the left-hand pane and
click Add Group from the toolbar menu. The Group window is then displayed:

Enter a Name for the new group and optionally a Description of it. Completing the
Description field is optional but AVEVA recommend it is completed.
Click Save. The Group window is closed and the new group name is displayed AVEVA
Instrumentation Security Manager window.
After a new Group is created, the Security Manager administrator will need to assign access
rights to that Group using the Security Objects options. Refer to Setting Security on Objects.

3.10.2 Edit a Group


To edit a group, double-click on it in the list of groups to display the Group window.

Edit the group details as required and click Save.

3.10.3 Delete a Group


To delete a group, select it from the list of groups (single-click on it) and then click Delete
Group on the main toolbar. The Delete Group window is displayed.

Copyright 2000 to current year. 3:16 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

Click Yes to confirm the deletion or No to terminate the process.

3.11 Define Security Users


By default, new projects are created with a single user with Administrator access rights to
Security Manager. Further users can be added, edited and removed.

Note: If security is enabled (see Enable Basic Security Settings), when a Windows user or
an SQL user connects to an Engineering module, if that user has not be added to the
list of project users in Security Manager before, it is automatically added then.

Continue at:
Initial User Setup
Add a User
Edit a User
Delete a User

3.11.1 Initial User Setup


The following window shows the initial User list, accessed by clicking Users in the explorer
treeview:

Copyright 2000 to current year. 3:17 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

All Security Manager SQL Server seed databases have a single default user named
'Administrator'.
The default, the Administrator user is defined as a Security Manager Administrator. Users
with this level of access may edit the Security settings for the current database.

3.11.2 Add a User


To add a user, highlight Users in the left hand pane and click Add User from the toolbar
menu. The User window is displayed.

Note: Users must be added manually by a Security Manager Administrator.

Copyright 2000 to current year. 3:18 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

Note: If security is enabled (see Enable Basic Security Settings), when a Windows user or
an SQL user connects to an Engineering module, if that user has not be added to the
list of project users in Security Manager before, it is automatically added then.
The User Name of automatically added users will be the domain name and the user
name, e.g. Domain\Username. The Full Name will be the user name prefixed with
auto-, e.g. auto-Domain\Username.

To add a new user if the project is using Windows or SQL Server Authentication, click the
button to the right of the User Name field. The Select Username window is then displayed:

Select a domain name, then a user name from that domain from the lists in that window.

Copyright 2000 to current year. 3:19 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

Note: If SQL Server Authentication is being used for the project, new users must also be
added as logins on the SQL server, if that is not already the case. A utility is provided
in the Security Manager for this purpose. Refer to Add New User to SQL Server
Project.

If using AVEVA Project Authentication, the button is not displayed. Instead enter the
required user name and password in the fields provided:

Unless AVEVA Project Authentication is being used, the Password field on the User
window is only enabled if the user is an Administrator.
A user can by marked as Is Read Only. This stops the user from editing any data in all
application modules.
Marking the user as Is Administrator enables the user to run Security Manager as an
Administrator. Every Administrator must have a Password. The Password field is enabled if
Is Administrator option is checked.

Security Group Membership


If a user is not Read Only or an Administrator, then the user must then be assigned to a
Security Group.

Copyright 2000 to current year. 3:20 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

The Security Group controls the access level to each Security Manager application (e.g
Security Manager Engineer, Designer, Wiring Manager) and/or objects within each module
(e.g Instruments, Cables, Datasheets etc). Refer to Groups for more information.
To assign the user to a Security Group double-click on the Group name in the Not Member
of Group list. The selected Group is then moved to the Member of Group list.
To unassign the user from a Security Group double-click on the Group name in the Member
of Group list.

3.11.3 Edit a User


To edit a user, highlight Users in the left hand pane and double-click on the user record in
the right-hand pane. The User window is then displayed.

Edit the user details as required and click Save.

3.11.4 Delete a User


To delete a user, select it from the list of users and click Delete User in the toolbar menu.
The following message is then displayed:

Copyright 2000 to current year. 3:21 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

Click Yes to delete the selected user.

3.12 Add New User to SQL Server Project


If SQL Server Authentication is being used for the project, new users must also be added as
logins on the SQL server, if that is not already the case. A utility is provided in the Security
Manager for this purpose.
To add a new user to a SQL server project, select Project > Add New User to SQL Server
Project from the main menu bar to display the SQL Server Login window. Refer to the
AVEVA Instrumentation Installation Guide for information on entering the required
information into his window.
Once the SQL Server Login window has been completed, click OK to display Add User to
SQL Server Project(s) window.

Select the required project(s) from the displayed list, complete the User Domain Login
Name field and select the required Access Rights from the drop-down list.

Copyright 2000 to current year. 3:22 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

Click Save. A message is then displayed confirming that the user has been added. Click
Exit to close the window.

3.13 Define Object Security


Security Objects enable a Security Manager Administrator to set access rights to pre-
defined 'objects' in Security Manager. The access rights (Access Types) are:

Read-Write or Full Access allows a user to add, edit and delete data

Read-Only (no Write) allows a user to read data only and create reports

No Access stops a user from viewing the object, including disabling


of editing and reporting

Process Data this is a a special Access Type that controls read-write


access to Process Data in Security Manager Engineer.

No Create stops a user creating new instruments or loops.

Top level Security Objects are the Security Manager applications:


AVEVA Instrumentation Designer
AVEVA Instrumentation Engineer
AVEVA Instrumentation Wiring Manager
Within each application there are various Security Objects that define typical Security
Manager objects such as Instruments, Cables, Loops, Datasheets, Drawings etc.
The following window shows the initial Objects treeview and the Application Objects:

Copyright 2000 to current year. 3:23 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

Click on an Application Object. The application node expands to show the application's
Security Objects that the Administrator can control access to:

Copyright 2000 to current year. 3:24 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

For example, Datasheets, Datasheet Design (changing the forms in the database),
Importing Datasheet Catalogue etc.

3.13.1 Setting Security on Objects


To set the Security access level on any object, navigate to the required object in the left-
hand pane and highlight it.

Copyright 2000 to current year. 3:25 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

The right-hand pane then displays the current Security Groups defined in the database and
lists these Groups:

No Permission Group Groups in this list have no access to the current Object

Permission Group Groups in this list have access rights as defined by the
Access Type column

To add a Group to the Permissions Group column, double-click on the Group name in the
No Permission Group column.
To remove a Group from the Permission Group column double-click on the Group name in
the Permission Group column.
To change the Access Type, select the Access Type from the list in the Access Type field:

Copyright 2000 to current year. 3:26 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

Note: The Access Type is defined for the Group in the Permission Group list only.

Example
To prevent Engineers from editing Datasheets:
1. Add a new group from the Groups list (e.g. 'EngineersNoDSH').
2. Go to the Security Object 'Datasheet' for Security Manager Engineer
3. Double-click on the new Group Name (e.g. 'EngineersNoDSH').
4. Change the Access Type to Read-Only.
To also prevent Engineers from exporting Datasheet data to Excel, select Read Only
(No Excel Export).
5. Go to the User list.
6. Add the new Group Name (e.g. 'EngineersNoDSH') to the User.

3.14 Define Area Access Control


Area Access Control enables a Security Manager Administrator to set access rights to
project plant areas in AVEVA Instrumentation. The access rights (Access Types) are:

Full Access allows a user to add, edit and delete data in the area

Read-Only allows a user to view the details of objects in the area,


but not edit or delete it, and to create reports that include
the object data

Copyright 2000 to current year. 3:27 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

Read-Only (Allow allows a user to view object data, create reports and
Connections) make connections to objects in the area (e.g. users may
assign a supply in the area to a load in a full access
area)

No Access stops a user from viewing the objects in the area,


including disabling of editing and reporting

3.14.1 Set Area Access Control


Double-click on the Areas node. All plant areas defined for the project are then listed
beneath it. For example:

To define the access control to an area, click on it.

Copyright 2000 to current year. 3:28 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

The right-hand pane then displays the current Security Groups defined in the database and
lists these Groups:

No Permission Group Groups in this list have no access to the current area

Permission Group Groups in this list have access rights as defined by the
Access Type column

To add a Group to the Permissions Group column, double-click on the Group name in the
No Permission Group column.
To remove a Group from the Permission Group column double-click on the Group name in
the Permission Group column.
To change the Access Type for the area, select the Access Type from the list in the Access
Type field:

Copyright 2000 to current year. 3:29 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

3.15 Set AI Reports Password


The AIReports.mdb database file may be password protected to establish an extra layer of
project security. When this password is set, queries cannot be accessed in the database
unless the password is entered.
Select Project > Set AIReports Password. The Set AIReports Password window is then
displayed:

Enter the required password in the New Password field and again the Confirm New
Password field, then click OK. If a valid password is entered a message is then displayed
confirming that the password has been set.

Copyright 2000 to current year. 3:30 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

To change the password, select Project > Set AIReports Password again. The Set
AIReports Password window is then displayed as follows:

Enter the current password, the new password, and the new password again to confirm it in
the fields provided, and click OK to complete the procedure.

3.16 Package Projects


A project can be saved as a single package (.pkg) file. This file can then be selected when
creating a project. The new project is then created with all the data and settings of the
packaged project. Refer to the Installation guide for more information on creating projects.
To package a project, select Project > Package Project.
Packaging a project requires certain SQL Server Management Objects (SMO) to be
installed and available. If any of these are not installed the following message is displayed:

Click on the links to download the objects, and then install them from the downloaded .msi
files.
Once the SMOs have been installed, select Project > Package Project again.
The Project Packager window is then displayed:

Copyright 2000 to current year. 3:31 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

Select the location that the package file is to be saved to by clicking the ... button. The
following window is then displayed:

Browse for the required location, enter the file name in the File name field, and click Save.
The selected location and file name are then displayed in the Output file field of the Project
Packager window:

Click OK to start packaging the project.


The process of the packaging is then displayed in the window. For example:

Click Cancel to stop the process at any time.


When packaging is complete, the following message is displayed:

Copyright 2000 to current year. 3:32 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

Click OK to close the message. Click Cancel to close the Project Packager window.

3.17 Resolve Database Collation Conflicts


Users may receive messages while working in AVEVA Instrumentation indicating that there
is a database collation conflict issue. For example: Cannot resolve collation conflict at
column 2 in order by statement.
Such conflicts can be resolved in Security Manager by selecting Tools > Resolve DB
Collation.
If multiple users are connected to the selected database, the following error message will be
displayed:

Follow the instructions and select the Resolve DB Collation option again.
When the conflict is successfully resolved, the following message is displayed:

Copyright 2000 to current year. 3:33 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide
Security Setup

Whether it was successful or unsuccessful, a log entry will be generated for the operation in
the Windows Event Viewer, which may be useful for future analysis of the issue.

Copyright 2000 to current year. 3:34 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide

Index

A I
Add a New Group . . . . . . . . . . . . . . . . . 3:16 Import Security Settings . . . . . . . . . . . . 3:12
Add a User . . . . . . . . . . . . . . . . . . . . . . 3:18 Initial User Setup . . . . . . . . . . . . . . . . . 3:17
Add New User to SQL Server Project . . 3:22 Introduction to Security Manager . . . . . . 1:1
Authentication Type . . . . . . . . . . . . . . . . 3:9
AVEVA Project Authentication Password 3:11 L

C Login . . . . . . . . . . . . . . . . . . . . . . . . . . . 3:1

Change the AVEVA Project Authentication P


Password . . . . . . . . . . . . . . . . . 3:11
Changing Administrator Password . . . . 3:13 Package Projects . . . . . . . . . . . . . . . . . 3:31
Changing the Permission Access Type 3:26,
3:29 R
Create New Project . . . . . . . . . . . . . . . . . 3:5
Create SQL Server Project from Backup 3:6 Resolve Database Collation Conflicts . 3:33

D S
Define Area Access Control . . . . . . . . . 3:27 Security Manager Features . . . . . . . . . . 2:1
Define Object Security . . . . . . . . . . . . . 3:23 Select and Login to a Project . . . . . . . . . 3:1
Defining Security Users . . . . . . . . . . . . 3:17 Set Authentication Type . . . . . . . . . . . . . 3:9
Delete a User . . . . . . . . . . . . . . . . . . . . 3:21 Setting Security on Objects . . . . . . . . . 3:25

E
Edit a User . . . . . . . . . . . . . . . . . . . . . . 3:21
Edit Projects . . . . . . . . . . . . . . . . . . . . . 3:11
Enable Basic Security Settings . . . . . . . . 3:4

G
Group Setup . . . . . . . . . . . . . . . . . . . . . 3:15

Copyright 2000 to current year. Index page 1 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.
Security Manager User Guide

Copyright 2000 to current year. Index page 2 12 Series


AVEVA Solutions Limited and its subsidiaries.
All rights reserved.