Access Controls in iFIX
The Access Controls feature in iFIX (formerly known as "secure mode") helps you reduce security risks on your SCADA system. When Access Control Lists (ACLs) are applied to iFIX, Windows regulates access rights to the shared memory used by your iFIX processes, to files, and to Registry entries.
By default, Access Controls are disabled when you install iFIX so that you can quickly configure your system. If you later want to enable Access Controls or change your current settings, you can do so by using ConfigureWizard.exe. Click the Start menu, iFIX, and then select the Setup Access Controls option. You can also access ConfigureWizard.exe from the iFIX install folder; by default, this location is: C:\Program Files (x86)\Proficy\iFIX\ConfigureWizard.exe
With Access Controls enabled, you can also restrict the opening of pictures to folders that have restrictions based on Access Controls. For example, if a user has pictures in a non-default folder, such as C:\Temp\iFIXPictures, and the "Check folder permissions when opening iFIX Pictures" option is enabled, that folder will need to be secured with the group name configured in this Configure Wizard utility in order for the picture to be opened.
To configure access controls in iFIX:
- From the Start menu, select iFIX and then Setup Access Controls. Or, from the iFIX install folder, double-click ConfigureWizard.exe. By default, this folder location is: C:\Program Files (x86)\Proficy\iFIX\ConfigureWizard.exe. The iFIX Install Mode dialog box appears.
- Select the Install iFIX with Access Controls option.
- If using a domain network group as the scope for validation, in the Domain or Computer Name field, enter a domain name (for example mycompany.com). Otherwise, specify the local computer name (the default).
  - When using the network domain group, iFIX and its applications will not be able to run if this machine becomes disconnected from the domain.
  - If you specify a local group and it does not exist, the installer will create it for you. By choosing secure mode, the currently logged in user will be added to this Windows group. All other iFIX users will need to be manually added.
- Optionally, if you want to secure your picture viewing, select the "Check folder permissions when opening iFIX Pictures" option.
- Optionally, if you want to run iFIX as a service along with Access Controls, select the "Assign a Windows user account to iFIX services" option, and enter a user name and password. iFIX will run under this account when configured to run as a service. For more information, see Windows and Security.
  - This user must exist in the specified Windows group name.
  - If you choose not to provide this information, then iFIX cannot be configured to run as a service.
  - It is recommended to use a least privilege account, and not an administrative account.
- Click OK to save your settings.
- Restart your computer.
- Start iFIX.
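
A read-only check of the settings this procedure depends on, added here as an example and not taken from the iFIX documentation or tooling. It covers the local-group case only; the group name and service account are placeholders, and treating "secured with the group name" as an Allow entry in the folder's ACL is an assumption.

```powershell
# Added example. Placeholder values (assumptions): replace with your own.
$GroupName      = 'IFIX_GROUP_PLACEHOLDER'    # Windows group entered in the wizard
$ServiceAccount = 'IFIX_SVC_PLACEHOLDER'      # account assigned to iFIX services
$PictureFolder  = 'C:\Temp\iFIXPictures'      # non-default picture folder from the text

function Test-DirectMember {
    # True if $Account is a direct member of the local group given by $Sid or $Group.
    param([string]$Account, [string]$Group, [string]$Sid)
    $members = if ($Sid) {
        Get-LocalGroupMember -SID ([System.Security.Principal.SecurityIdentifier]$Sid) -ErrorAction Stop
    } else {
        Get-LocalGroupMember -Group $Group -ErrorAction Stop
    }
    # Names are returned as COMPUTER\name or DOMAIN\name; compare the leaf part.
    [bool]($members | Where-Object { ($_.Name -split '\\')[-1] -ieq $Account })
}

function Test-FolderGrantsGroup {
    # Assumption: "secured with the group" means an Allow ACE that names the group.
    param([string]$Path, [string]$Group)
    $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    [bool]($acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.IdentityReference.Value -split '\\')[-1] -ieq $Group
    })
}

# S-1-5-32-544 is the well-known SID of the built-in Administrators group.
$checks = [ordered]@{
    'Group exists locally'                  = { [bool](Get-LocalGroup -Name $GroupName -ErrorAction Stop) }
    'Current user is in group'              = { Test-DirectMember -Account $env:USERNAME -Group $GroupName }
    'Service account is in group'           = { Test-DirectMember -Account $ServiceAccount -Group $GroupName }
    'Service account is not a direct admin' = { -not (Test-DirectMember -Account $ServiceAccount -Sid 'S-1-5-32-544') }
    'Picture folder ACL names the group'    = { Test-FolderGrantsGroup -Path $PictureFolder -Group $GroupName }
}

# Run each check; a lookup failure (missing group, missing folder) counts as not passed.
foreach ($name in $checks.Keys) {
    try   { $ok = & $checks[$name]; $detail = '' }
    catch { $ok = $false; $detail = $_.Exception.Message }
    [pscustomobject]@{ Check = $name; Passed = $ok; Detail = $detail }
}
```

Get-LocalGroupMember reports direct members only, so an account that gains administrative rights through a nested domain group is not caught by the fourth check.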