iFIX Security Concepts
Before you restrict access to iFIX applications and files, you need to understand how security works. The security concepts described in the following list are described in more detail in the Understanding iFIX Security chapter. For information on using the concepts, see the Defining and Assigning Security Privileges chapter.
User Account – defines the privileges assigned to one person. iFIX identifies each user account with a login name and an optional password. User accounts can belong to one or more groups. When a user account belongs to a group, it inherits all the privileges associated with the group. The user account can have privileges in addition to the group privileges.
Group Account – assigns access to the most commonly-used privileges that two or more people must share. Allows you to bundle a set of privileges and assign them in one step to a user account.
Application Feature – a privilege that allows an operator to access specific application functions. For example, the WorkSpace Runtime application feature provides access to the WorkSpace run-time environment. To help simplify explanations, this manual collectively refers to applications and specific application functions as application features.
Security Area – a physical or functional division of a plant. For example, security areas can be process hardware (such as pumps or ovens), utilities (such as fuel, water, or steam), or maintenance functions.
The following figure shows how user accounts, group accounts, application features, and security areas interrelate. Each user account has privileges that are directly assigned and inherits any privileges assigned to the groups to which the user account belongs.
Security Concepts
Electronic Signature – uniquely identifies operators performing or verifying changes to your process. You can require operators to enter a user name and password before acknowledging an alarm or entering data. This functionality can assist you in becoming compliant with the 21 CFR Part 11 United States FDA government regulation.
Run-time Environment Protection – restricts the things that operators can do during iFIX WorkSpace Run Mode. For example, you can prevent operators from switching to other applications or exiting the WorkSpace when you have Run-Time Environment Protection enabled.
