[import] Set WebX Control Privileges by IP address or user name in 2017 (Sept 2017 update)?

>>Message imported from previous forum - Category:ClearSCADA Software<<
User: tcookson, originally posted: 2018-11-13 17:24:43 Id:316
I'm working on a system with a mix of ViewX and WebX clients and need some help adjusting security. There are a few "plant floor" WebX clients where I want to enable full control for logged-in ClearSCADA users, and a few "roaming" clients that I want to have view only.

How do I (or can I):
* specify which users are allowed to log in from which clients (ViewX and WebX), ideally by client IP or node name? I know how to enable/disable WebX globally, but not how (or if it's possible) to enable/disable WebX based on IP.
* enable/disable WebX control privileges by IP or user name? Plant operators should have write/control access from ViewX, and from plant floor WebX, but not remote WebX.

For what it's worth, I'm a PLC/SCADA guy, not an IT guy. I'm willing to dive into IIS, but I'll need more guidance than just "go fix it in IIS on the WebX server"...

Thanks in advance.

Reply User: tim_cjn, posted: 2018-11-14 17:27:51

For disabling WebX operations, have you tried unchecking "operate" on the WebX tab for the user?

This is an interesting question, thank you.

You can specify which users are allowed to access ViewX or WebX from ViewX by going to ConfigSecurityUsers and selecting the user you'd like to edit. On the general tab, you'll see a box with three checkboxes: [ ]ViewX [ ]Phone [ ]WebX. Simply check or uncheck the tabs as needed.

You will also be able to specify this in a user pattern for automatic user creation using Windows LDAP, so you don't find yourself having to manually uncheck it for an abundance of users.


Reply User: tcookson, posted: 2018-11-16 19:16:43
I know how to enable/disable WebX and ViewX by user name. What I want to do is enable/disable WebX and ViewX by the IP address/client node name/location that the user is logged in from.

Reply User: adamwoodland, posted: 2018-11-18 22:24:44
With core functionality there isn't the level of control you want without adding additional servers (i.e. use server-side restrictions on what clients connected to each server can do).

However you could add some script to the homepage mimic that checks the user against some lookup, and if there is/isn't a match leaves them logged in, else logs them out straight away (maybe with a message box).

Not perfect, but might just do what you want.