Visit the Industrial Automation Knowledge Base to get know-hows, hints and tips. It is designed to share vast amounts of technical knowledge and expertise in Industrial Automation products, systems, applications and markets.
In the majority of our customer's ClearSCADA / GeoSCADA databases there are a collection of SYSTEM objects to call various batch files, or perform other data handling external to ClearSCADA / GeoSCADA.
Some of these only need light privileges (like network activity, and .NET API for GeoSCADA) others need 'heavy' privileges (like to overwrite backup files, or access secure file servers to store secure records).
As such, only being able to have a single service account configured under which ALL SYSTEM objects execute is a bit too coarse in security permissions, and doesn't fit into a best practise 'role-based' privilege model.
What would be nice is if on the SYSTEM object it were possible (though not required, to prevent breaking existing systems) to enter a specific username/domain/password in which case each execution of this SYSTEM object would use these credentials rather than the global Server Configuration credentials.
Discuss challenges in energy and automation with 30,000+ experts and peers.
Find answers in 10,000+ support articles to help solve your product and business challenges.
Find peer based solutions to your questions. Provide answers for fellow community members!