You can run the Security Synchronizer using a node-based or user-based approach to iFIX security.
Node-based Security
Choose this method if you want to run the Security Synchronizer on a node, regardless of who, if anyone, is logged into iFIX. Using the iFIX security Autologin feature, you must specify an iFIX user account as the system user. This account is automatically logged in as the system user the next time iFIX is started. You cannot log this user off unless you remove the associated account from the System User field in the Automatic Login Node dialog box, located in the Security Configuration program and restart iFIX.
NOTE: The system user you create here is recognized only by the Security Synchronizer. Other iFIX features and programs do not recognize the system user; therefore, this user cannot be used to provide access to any security privilege other than running the Security Synchronizer.
To specify the system user:
- Open the Security Configuration program.
- On the Edit menu, click Autologin.
- Click Add.
- In the Node field, enter the iFIX node name. This is the node where the Security Synchronizer will be run.
- In the System User field, select an account.
- Click OK.
Refer to the chapter Defining and Assigning Security Privileges for more information on the Security Configuration program.
The user account logged in as a system user must have these two application features to be able to execute the Security Synchronizer:
Security Synchronizer – needed to actually run the Security Synchronizer.
System User Login – needed for the user to be logged-in as the system user.
If you follow this method, the Security Synchronizer can run, providing these conditions are true:
- iFIX is running.
- Security Configuration program is not running.
- A user is logged in to Windows.
The Security Synchronizer can run even if a non-system user, such as an operator with limited security privileges, is logged in. iFIX logs the system user in at startup, and the Security Synchronizer checks for the system user when it executes.
The iFIX user account specified as the system user is not modified or deleted by Security Synchronizer, even if the /R parameter is specified. Refer to the Command Line Parameter Errors section for more information on the run-time parameters. When this iFIX user account is used, its privileges to run the Security Synchronizer cannot be revoked. Therefore, you should create a separate iFIX user account that represents the system user with only the necessary security privileges. You should avoid using an existing iFIX user's account.
NOTE: Once you add a system user to the Autologin configuration, you must restart iFIX for that user to become logged-in.
User-based Security
To use this method, the currently logged in iFIX user must have the privileges necessary to run the Security Synchronizer. You must assign the Security Synchronizer application feature to the appropriate user accounts. If you do not specify a system user in the iFIX Autologin configuration, then, by default, user-based security is used.
Under user-based security, if the current user does not have the appropriate Security Synchronizer application feature privilege or if no user is logged in, the Security Synchronizer does not run and a message is sent to the audit trail file.
