The User Password Levels are hierarchical meaning that each User of a certain Level can also execute operations of lower levels. Level i is the lowest User Level , while the Developer Level is the highest.
Movicon Help on Line - Rel. 11.7.1301
Each user is assigned a User Password Level for user authentication and a Access Level, which determines which read and write rights the user has on the various project controls, in the Movicon user management.
The User Password Levels are needed for user authentication. When a user has logged on their Password level is activated enabling the user to execute all the commands protected by a password levels the same as or lower than theirs. The User Password Levels are:
User Level 0 (0) = no password level required
User Levels (1-1022) = password levels required from 1 to 1022. These password levels are assigned to normal project users.
Administrator User Level (1023) = password level for Administrator or System users. System operations can also be executed With this password level such as closing the project, etc.
Developer User Level (1024) = password level for Developer users. The project can also be developed with this password level.
|
The User Password Levels are hierarchical meaning that each User of a certain Level can also execute operations of lower levels. Level i is the lowest User Level , while the Developer Level is the highest. |
This property can be set in various points and in various components of a Movicon project. For example, in the "Users General Properties" this setting permits each user to be associated with a Password Level.
Where the project's controls and resources are concerned the 'User Level' property is used for defining which User Password Level is necessary for executing the command list associated to that control. For further information please refer to the 'User Levels' property of the component or resource of interest:
Object "User Level" property (paragraph: "Access Levels Properties common to Drawings and Controls")
Menu "User Level" property (paragraph: "Item Menu General Properties")
Shortcut "User Level" property (paragraph: "Shortcut Command General Properties")
When log on has been executed correctly by verifying the Users authentication it is possible to set a limit to User intervention on various project controls or components by using the 'Access Levels'.
There are 16 distinct levels, from 'Access Level 1' to 'Access Level 16'. In this case each Access Level, which can be activated by using a Check-Box, is independent of the others. For example, by enabling 'Access Level 5' on a Button control means that only the Users that have 'Access Level 5' checked on their 'Access Level' Masks can access this Button. The Access Mask setup for various Users must therefore have a correspondence with the Access Mask setup for the project's controls or components to be able to grant access, in read/write, to them.
|
The Access Levels are not managed hierarchically, therefore the high levels (i.e. Level 16) do not acquire the access rights of lower Levels (i.e. Level 1). |
You must keep in mind that the User Password Levels have priority over the 'Access Levels', which means that the users must first logon and have their Password Level verified for authentication before the Access Levels assigned to the user are verified.
The figure illustrates an example of user access control at Log On.
Based on the access level and area required to execute the command, the users 1 & 2 are permitted or denied not access based on their privileges.
This property, which is found in various controls and components of Movicon projects, defines which is the control's Write Access Level. If the User has been authenticated but their Access Level does not correspond with the control's, the user will not be able to write in that control.
You must also consider that a project's control's or component's write access assumes different meanings according to the object itself. For further information please refer to the 'Write Access Level' property of the component of interest:
Variable "Write Access Level" property (paragraph: "Variable Access Level Properties")
Alarm Threshold "Write Access Level" property (paragraph: "Alarm Threshold General Properties")
Scheduler "Write Access Level" property (paragraph: "Scheduler Access Level Properties")
This property, found in various Movicon project controls and components, defines which is the control's Read Access Level. If the User has been authenticated but their Access Level does not correspond with the control's, the user will not be able to read that control.
You must also consider that a project's control's or component's write access assumes different meanings according to the object itself. For further information please refer to the 'Read Access Level' property of the component of interest:
Variable "Read Access Level" property (paragraph: "Variable Access Level Properties")
Alarm Threshold "Read Access Level" property (paragraph: "Alarm Threshold General Properties")
Scheduler "Read Access Level" property (paragraph: "Scheduler Access Level Properties")
This property is only available for the "Scheduler" object and Real Time DB variable resources. This property allows you to keep these resources always available in the project's "Scheduler Window" selection list. By enabling this property the scheduler or variable can be made available and selected in the "Scheduler Window" independently from the Access Level of the user logged in. For further information please refer to the desired component's "Read Access Level" property:
Variable "Always Visible" property (paragraph: "Variable Access Level Properties")
Scheduler "Always Visible" property (paragraph: "Scheduler Access Level Properties")
Invalid Login
Movicon has a mechanism to discourage multiple failed login attempts. In fact, after a number of failed Login attempts that can be configured by means of using "MaxLoginFailed" (default 3) registry key, the Login window will always take longer to reappear in order to deter malicious users from make further attemps to login, and a "Maximum limit of attempts has been reached" message will appear in the System Log causing a further delay for subsequent login attempts.
In addition, the key also has effect on failed logins for 'Single/Double Ei. Sign. for Commands' types.
