Security Authorization
Authorization is a security feature that gives particular users permission to access data and use capabilities within the Vision application.
Foundation of Authorization Implementation
The foundation of this system is the concept of roles and the hierarchy within those roles. You create roles and then create a cascading system of permissions (or privileges) based on those roles. When you first create a role, you must determine where within your system that role will act. For example, you determine which pieces of equipment a person in that role can use. Then, you determine what the role is going to be able to do, as well as who is going to be able to perform that action. By doing this, you decide the precise actions that a particular person or group of people will be able to do within your application.
Authorization in Vision
A person or a group of people (users) can be assigned a role that allows them to use a resource (for example, a piece of equipment) to perform an action within the limits of their access (privilege), which was defined for the role assignment.
Central Concept | Terms | Description |
---|---|---|
Role Assignment | User, User Group | The person, such as an operator or supervisor, who is assigned to perform particular actions within predefined privileges. A group is a collection of users. |
 | Resource, Resource Set | The scope of the assignment, such as to what or to whom a privilege is assigned. For example, a piece of equipment or access to a system. |
 | Privilege, Privilege Set | The ability to perform operations. |
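The role assignment described above, as an added illustrative model that is not Vision's own code or API: an assignment ties a user or group to a resource set and a privilege set, and a request is allowed only when one assignment covers all three. All names here (`Assignment`, `is_authorized`, the users, groups and equipment) are hypothetical, and the model is flat, without the role hierarchy.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Assignment:
    """One role assignment: who (user or group), where (resource set), what (privilege set)."""
    principal: str          # a user name or a user group name
    resources: frozenset    # resource set: the scope of the assignment
    privileges: frozenset   # privilege set: operations allowed inside that scope

# Constructed sample data (hypothetical names, not taken from Vision).
GROUPS = {"operators": {"alice", "bob"}, "supervisors": {"carol"}}
ASSIGNMENTS = [
    Assignment("operators", frozenset({"mixer-1", "mixer-2"}),
               frozenset({"view", "start"})),
    Assignment("supervisors", frozenset({"mixer-1", "mixer-2", "oven-1"}),
               frozenset({"view", "start", "stop", "configure"})),
    Assignment("bob", frozenset({"oven-1"}), frozenset({"view"})),
]

def principals_for(user, groups=GROUPS):
    """The user plus every group the user belongs to."""
    return {user} | {g for g, members in groups.items() if user in members}

def is_authorized(user, privilege, resource, assignments=ASSIGNMENTS, groups=GROUPS):
    """Default deny: allow only if a single assignment covers the user (directly
    or through a group), the resource, and the privilege at the same time."""
    who = principals_for(user, groups)
    return any(
        a.principal in who and resource in a.resources and privilege in a.privileges
        for a in assignments
    )

def effective_privileges(user, resource, assignments=ASSIGNMENTS, groups=GROUPS):
    """Union of privileges from every assignment that applies to this user and resource."""
    who = principals_for(user, groups)
    granted = set()
    for a in assignments:
        if a.principal in who and resource in a.resources:
            granted |= a.privileges
    return granted
```

Because each privilege set is bound to its own resource set, `bob` can start the mixers through the `operators` group but can only view `oven-1`.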
Key Features and Terms
Vision uses role-based access control (RBAC) to restrict application access to authorized users. This model is the next generation of authorization; systems like Workflow and Historian will evolve to it over subsequent releases.
Currently, there are differences between Vision and Workflow. The following table highlights the distinction in terminology between systems.
Vision Term | Workflow Term | Implementation |
---|---|---|
User, User Group | Users, Groups | Users and groups are shared between both systems. You can manage them in each application. Note: User and group resources are available in both applications; however, if you delete this resource in Vision, you must not delete it in Workflow if you still require this resource to perform actions within this application. |
Privilege (privilege set) | Permission | Privileges in Vision are not visible or managed in Workflow. |
Resource (resource set) | Any resource; for example, equipment | Resource sets given to a Vision user are not enforced in Workflow. |
Assignment | Key sets | Assignments granted in Vision are not enforced in Workflow. |