TM
DeltaV Security 11-1
11-2
Objectives Upon completion of this module you will be able to define
Parameter security
Field security
Function security
Users
Groups
Locks
Environmental Environmental Protection
Flexlock Application Export database database
11-3
DeltaV Locks & Keys
Through the use of Locks Locks & Keys, the DeltaV System provides security mechanisms at the parameter , field and function function level.
11-4
DeltaV Locks & Keys Control — lock assigned to parameters that an operator needs to write to or modify in order to control the process
Example: MODE, SP, OUT Restricted Control — lock assigned to parameters or fields that supervisors and engineers might use to configure the process
Example: BKCAL_IN, FF_ENABLE, RESTART_ENABLE Tuning — lock assigned that maintenance tech and supervisors use to tune the performance of the process
Example: GAIN, RESET, HI_LIM
11-5
DeltaV Locks & Keys System Records — lock assigned that affect the records kept by the system
Example: ENAB Diagnostic — lock assigned to parameters and fields that affect diagnostic information maintained by the system System Maintenance — lock assigned that would affect control system operation User Lock 1 through 10 — locks that can be assigned to parameters and fields that allow customized security schemes to be implemented Batch Operate — lock assigned that will allow a user with this key to operate the DeltaV batch subsystem.
11-6
DeltaV Locks & Keys Build Recipe — lock assigned that will allow a user with this key to use the Recipe Studio. Can Calibrate — lock assigned that would allow a user with this key to use the AMS device configuration and calibration features. Can Configure — lock assigned that would allow a user with this key to change the configuration database. Can Download — lock assigned that would allow a user to download configurations to nodes in the control network. System Admin — lock assigned that would allow a user with the key to access the database administration tools to create, copy and rename databases.
11-7
Parameter Security
Access the DeltaV Parameter Security Properties dialog box from DeltaV Explorer by selecting: System Configuration
Setup
Security
Parameter Security
Properties 11-8
Parameter Security “Writable” parameters have locks assigned to them. The Properties dialog box, shown above, permits you to change the lock assignments.
11-9
Field Security
Access the DeltaV Field Security Properties dialog box from the DeltaV Explorer by selecting: System Configuration
Setup
Security
Field Security
Properties 11-10
Field Security “Writable” fields have locks assigned to them. The Properties dialog box, shown above, permits you to change the lock assignments.
11-11
Function Security
Access the DeltaV Function Security Properties dialog box from the DeltaV Explorer by selecting: System Configuration
Setup
Security
Function Security
Properties 11-12
Function Security Various“writable” function have locks assigned to them. The Properties dialog box, shown above, permits you to change the lock assignments.
11-13
User Manager
Access the DeltaV User Manager form from the DeltaV Explorer by selecting the Lock Key button. The DeltaV User Manager dialog bog appears. 11-14
User Manager The DeltaV User Manager dialog box, shown above, allows you to ADD or DELETE user and group.
11-15
User Properties
Access the DeltaV General User properties form by clicking the right mouse button in a blank area of the Users’ Window and selecting New from the pull down menu. The New User form appears with the General tab selected. 11-16
User Properties Use the General tab, shown on the New User dialog box above, to ADD and IDENTIFY a user.
Note: Press the Help button for detail information on specific fields.
11-17
Advanced User
Access the Advanced User form by selecting the Advanced tab from the New User dialog box. 11-18
Advanced User Use the Advanced tab, shown on the New User dialog box above, to change the USER ACCOUNT and PASSWORD STATUS.
Note: Press the Help button for detail information on specific fields.
11-19
User Groups
Access the Groups form by selecting the Groups tab from the New User dialog box. 11-20
User Groups Use the Groups tab, shown on the New User dialog box above, to modify the groups to which a user belongs.
Note: Press the Help button for detail information on specific fields.
11-21
User Keys
Access the Keys form by selecting the Keys tab from the New User dialog box. 11-22
User Keys Use the Keys tab, shown on the Properties For User dialog box above, to grant keys to, or remove keys from, a user account.
Note: Press the Help button for detail information on specific fields.
11-23
Group Properties
Access the DeltaV Properties for Group: Operate form by double clicking a Group in the Groups window. The form appears with the General tab selected. 11-24
Group Properties Use the Properties for Group dialog box, shown above, to ADD or MODIFY a group. Use the General tab to name and describe a user group.
Note: Press the Help button for detail information on specific fields.
11-25
Group Members
Access the Members form by selecting the Members tab from the Properties for Group dialog box.
11-26
Group Members Use the Members tab, shown on the Properties for Group dialog box above, to modify a user group by ADDING or DELETING members.
Note: Press the Help button for detail information on specific fields.
11-27
Group Keys
Access the Keys form by selecting the Keys tab from the Properties for Group dialog box. 11-28
Group Keys Use the Keys tab, shown on the Properties for Group dialog box above, to grant keys to, or remove keys from, the group currently being created or modified.
Note: Press the Help button for detail information on specific fields.
11-29
Environment Protection / Flexlock
The FlexLock provides a secure operating environment by limiting desktop access to those users with the required privileges for that desktop. The DeltaV FlexLock application opens when a user logs on to DeltaV. FlexLock available desktops are the NT and DeltaV desktops.
A user with an Account Type of NT Desktop Access has access to the NT and DeltaV desktops.
A user who does not have NT Desktop Access is limited to the DeltaV desktop.
The NT desktop access includes all the DeltaV programs as well as all programs available in Windows NT. The DeltaV desktop limits the user to the DeltaV Operate and its associated program. To secure your operating environment, consider giving operators access to the DeltaV desktop only and configuration engineers access to both the DeltaV and NT desktops. 11-30
Environment Protection / Flexlock When a user logs off, the next user to log on sees the FlexLock application with the DeltaV Desktop button active. This indicates that the current user has been switched to the DeltaV desktop. All users without NT Desktop Access who attempt to switch to the NT Desktop receive a message indicating that they lack the proper privileges and are prompted to enter an administrator name and password. If they enter the proper administrator password, FlexLock switches them to the NT desktop. If you exit the FlexLock application from the NT desktop, click Start
DeltaV
Engineering
FlexLock
to return to the DeltaV desktop. Important: You cannot exit the FlexLock application from the DeltaV desktop.
11-31
Workshop - Defining Users This workshop requires you to perform the following tasks: Task 1.
Create a User with OPERATE privilege with area restrictions.
Task 2.
Create a User with TUNE privilege.
Task 3.
Download and verify.
11-32
Workshop - Defining Users Step 1.
Step 2.
Create a User with OPERATE privilege and the following characteristics: Name
OperatorA
Full Name
Alpha Operator
Password
operatora
Privileges
OPERATE privileges only for PLANT_AREA_A
Create a User with TUNE privilege and the following characteristics: Name
Supervisor1
Full Name
Sarge Supervisor
Password
supervisor1
Privileges
Sitewide TUNE privileges and download capability
11-33
Workshop - Defining Users Step 3.
Download the Workstation.
Step 4.
Verify by logging all the way out to the NT Log In
Step 5.
a.
Close all applications
b.
Start
Shut Down
Close all programs and log on as a different user
Verify each new user’s functionality.
Note: If a user does not have NT Desktop Access , press the
keys before selecting the Log Off button.
11-34
Workshop - Export This workshop requires you to Export the configuration database and copy the operator displays to a 3.5-inch disk in the following manner: Step 1.
From the DeltaV Explorer select Physical Network.
Step 2.
Right click and select Export.
11-35
Workshop - Export Step 3.
Select the A: drive as the destination, thereby Exporting the Physical Network. Click on Save.
11-36
Workshop - Export Step 4.
Export Control Strategies. Select the A: drive as the destination, thereby Exporting the Control Strategies. Click on Save.
11-37
Workshop - Export Step 5.
Export Named Sets NS-T101. Select the A: drive as the destination, thereby NS-T101. Click on Save.
11-38
Workshop - Export Step 6.
Export Named Sets phase_failures. Select the A: drive as the destination, thereby phase_failures. Click on Save.
11-39
Workshop - Export Step 7.
Launch Windows NT Explorer by selecting Start Programs Windows NT Explorer
11-40
Workshop - Export Step 8.
Copy the Ovw_ref.grf , Tank101.grf , and Tank201.grf files to the A: drive from the NT Explorer . DeltaV\DVData\Graphics-iFIX\Pic
Step 9.
Remove your floppy disk from drive and take it home with you.
11-41