Additional User Group Administration Procedures

Prerequisites

 

Remove a User from a User Group

  1. Select the appropriate user group.
  2. In the Group Configuration expander, select User Members list, and then select the appropriate user.
  3. Click the Remove button.
  4. The user is removed from the User Members list and added to the Configured Users list.
  5. Click Save .

 

Copy a User Group

  1. Select the user group to copy.
  2. Click Save As .
  3. Enter a new name for the user group.
  4. Click Save .
  1. The new user group, with the same rights as the original user group, is saved.

 

Configure User Inactivity Timeout

Desigo CC is locked if there is no user activity for a set period of time, so that the user has to log on again.

  1. Select the appropriate user group.
  2. Open the Group Configuration expander.
  3. Select the Inactivity timeout [minutes ] and enter a timeout period in minutes.
    NOTE: 0 = no timeout is set. If a user belongs to more than one user group or management group, the lowest time greater 0 becomes active as an inactive timeout time.
  4. Click Save .

 

Creating Full Local Scope Rights

  1. A local user group is selected.
  1. In the Scope Rights expander, click Add.
  2. In the Scope column, right-click the first row and select the local system.
  3. Configure the Scope entry as follows for the user group to have all rights:
    • Discipline: * ALL
    • Subdiscipline: * ALL
    • Object Type: * ALL
    • Object Subtype: * ALL
    • Property Groups: Status = W, Configuration = W, Diagnostic = W
    • Select the Command Groups, Create, Delete, Supervise and Vis. check boxes.
  4. In the Event Rights expander, select the event rights check boxes.
  5. In the Application Rights expander, select the Applications check box.
  6. All check boxes are selected to get full access as local user.
    NOTE: If another system is integrated later, you must check if you need to activate additional application rights.
  7. Click Save .
  1. A local user group is defined with all rights.

 

Creating Full Scope Rights for Global Administrator

  1. A global user group is selected.
  2. In a distributed system, select the master system for global user groups.
  1. Select Project > System Settings > [security of the master system].
  2. Click the Security tab.
  3. In the Scope Rights expander, click Add.
  4. In the Scope column, right-click the first row and select Global.
  5. Configure the Scope entry as follows for the user group to have all rights:
    • Discipline: * ALL
    • Subdiscipline: * ALL
    • Object Type: * ALL
    • Object Subtype: * ALL
    • Property Groups: Status = W, Configuration = W, Diagnostic = W
    • Select the Command Groups, Create, Delete and Supervise check boxes.
  6. In the Event Rights expander, select the event rights check boxes.
  7. In the Application Rights expander, select the Applications check box.
  8. All check boxes are selected to get full access as global administrator.
    NOTES:
    - The data master system shows all application rights of all distribution participants.
    - If another system is integrated at a later point in time, you must check if you need to activate additional application rights.
  9. Click Save .
  1. A global user group is defined with all rights.

 

Assigning Pre-defined Local Scope Definitions

  1. A local user group is selected.
  2. You have created a Scope definition (see Scopes).
  1. Select Project > System Settings > Scope > [your Scope definition].
  2. Drag the selected Scope definition to the Scope Rights expander.
  3. Only the objects or applications that were created in the Scope definition display.
  4. Configure the Scope entry as follows for a user group with restricted rights:
    • Discipline: Select an option.
    • Subdiscipline: Select an option.
    • Object Type: Select an option.
    • Object Subtype: Select an option.
    • Property Groups: Status = -/R or W, Configuration = -/R or W, Diagnostic = -/R or W.
    • (Optional) Select the Command Groups, Create, Delete and Supervise check boxes (Information).
  5. Repeat Steps 2 through 4 for another Scope entry.
  6. In the Event Rights expander, select the event rights check boxes.
  7. Click Save .
  1. A user group is created using Scope definitions with restricted rights.

 

Creating Reduced Local Scope Rights

  1. A local user group is selected.
  1. Select Project > System Settings > Security.
  2. Select the Security tab.
  3. In the Scope Rights expander, click Add.
  4. In the Scope column, right-click the first row and select the desired system.
  5. Configure the Scope entry as follows for a user group with restricted rights:
    • Discipline: Select an option.
    • Subdiscipline: Select an option.
    • Object Type: Select an option.
    • Object Subtype: Select an option.
    • Property Groups: Status = -/R or W, Configuration = -/R or W, Diagnostic = -/R or W.
    • (Optional) Select the Command Groups, Create, Delete and Supervise check boxes (Information).
  6. Repeat Steps 3 and 4 to add another Scope entry.
  7. In the Event Rights expander, select the event rights check boxes.
  8. In the Application Rights expander, select the Applications check box.
  9. Click Save .
  1. A user group is defined with restricted rights.

 

info

NOTE:
After you change or assign Scope rights to a user group, you must stop and restart the client application for the new Scope rights to take effect.
If you are working in closed mode, contact the system administrator to change the settings from another station. The client application cannot be shut down on a client station that is running in closed mode.

 

Set the Filter Criteria for Data Point Information

The example shows the filter settings in the Object Configurator.

  1. In System Browser, select Management View.
  2. Select [Project] > Field Networks > [BACnet network] > Hardware > [device] > [data point].
    NOTE: The filters for discipline and object type impact every data point for a project.
  3. Select the Object Configurator tab.
  4. Open the Main expander and then Classification settings.

 

Configuring Automatic User Role Change Using Reactions

  1. System Manager is in Engineering mode.
  2. System Browser is in Application View.
  1. Select Applications > Logics > Reactions or a [subfolder] below it.
  2. The Reaction Editor tab displays.
  3. Open the Triggers expander and configure input triggers of the reaction.
  4. From the Output expander, open the Action expander.
  5. Navigate to the Management View and drag the Users node from the System Browser into the empty area inside the Action expander.
  6. In Property dropdown, select RoleChange.
  7. In Command dropdown, select Apply.
  8. Specify values for the following parameters:
    • User for whom the role is updated.
    • Role to be updated.
    • Set the value of the Active property to true if you want to activate the role or false if you do not want to activate the role.
  10. Save the reaction.
  1. Based on the trigger set for the reaction, the user role change commands are executed.
info

Single automated user role change request or multiple such requests can be configured into a single reaction based on requirement. Only valid commands are successful and corresponding roles are updated. Invalid requests coming through reactions are discarded. The role change command can be configured in the reaction for all the users and their corresponding roles including mandatory and non-mandatory user roles.

Configuring Automatic User Role Change Using Macros

  1. System Manager is in Engineering mode.
  2. System Browser is in Application View.
  1. Select Applications > Logics > Macros or a [subfolder] below it.
  2. The Macro tab displays.
  3. Navigate to the Management View and drag the Users node from the System Browser into the Macro tab.
    • This creates a new row.
  4. In the Property drop down list, select RoleChange.
  5. In the Command drop down list, select Apply.
  6. Specify values the following parameters and save the macro:
    • User for whom the role is updated.
    • Role to be updated.
    • Set the value of the Active property to true if you want to activate the role or false if you do not want to activate the role.
  8. The macro is saved and displays below the Macros node and the role specified for the user is updated.
  9. Navigate to the Application View and select Applications > Logics > Reactions or a [subfolder] below it.
  10. The Reaction Editor tab displays.
  11. Open the Triggers expander and configure input triggers of the reaction.
  12. From the Output expander, open the Action expander.
  14. Drag the macro saved in the Macros node from the System Browser into the empty area inside the Action expander.
  15. Save the reaction.
  1. When the reaction is executed based on the configured trigger, the macro is executed and all the configured user role change commands are executed automatically.
info

A single automated user role change request or multiple such requests can be configured into a single macro based on requirement. Only valid commands are successful and corresponding roles are updated. Invalid requests coming through macros are discarded. The role change command can be configured in the macro for all the users and their corresponding roles including mandatory and non-mandatory user roles.