Update cookies preferences
Promotic

Users - tab of the PmaRoot object

Description:
Users and user groups definition, see Users, user groups, permissions and login system.

Groups of users:
The group of users represents local or network users (PROMOTIC or Windows), having certain level of permissions in secured applications (they are authorized to perform only specific operations class in the running application). The number of specific groups of users (different authorization levels) is arbitrary. Any local or network PROMOTIC user and also Windows user group can be assigned to certaing user group. Each user can be a member of multiple groups of users simultaneously. Including the user into a user group grants the user permissions to perform some secured actions in the running application. If the groups of users are used for application security (instead of the single users), then it is possible to flexibly add/remove users in these groups of users while the application itself stays unchanged (it is even possible to manage the users in the running application, by the Pm.WndEditUsers method). It is very handy for the enduser allowing to reflect the personal changes in the user crew (new users comming, old users leaving, etc.). Assigning the users into groups of users is done directly at the user workstations, listing the groups the user is member of. The group of users is always created in the PRA file.

PROMOTIC users:
The criteria are set for all PROMOTIC users (local and network) that have to be met on log-on by the user so as he would be accepted by the system. The most important are the login name and password. The verification of the user's identity is crucial for the following users access limitation to critical parts of the application by creating permissions at individual parts of the application or by scripts. In order to limit the access of each user into the critical parts of the application the user groups are used (also the user priority can be used for this purpose).
Way of storing the PROMOTIC user configuration into the file:
1) PRA - The configuration of these PROMOTIC users is placed directly in the application. These users can be configured only in the development environment (it means that for the possible change, it is necessary to switch to the development mode).
2) INI - The configuration of these PROMOTIC users is placed in encrypted text in the [Users] section in the INI file set in the "File with users (INI)" configurator. these users can be configured both in the development environment and in the running application by the Pm.WndEditUsers method in the edit user window or by methods Pm.AddUser and Pm.RemoveUser.
3) TMP - The configuration of these PROMOTIC users is not persistently stored and they exist temporarily in the memory. It means that they are destroyed when application stop. These users can be configured only in the running application either by the Pm.WndEditUsers method in the edit user window or directly by methods Pm.AddUser and Pm.RemoveUser.

Type:
1) Local user - The user controls directly the application from the computer on which the application runs. It is supposed that an authorized user will provide critical operations in the login state (it means that he will be logged on from his arrival to the computer or he logs on before protected operations in the application).
2) Network user - The user is connected to the remote application (e.g. the network browsing trends, alarms, events etc. over the HTTP protocol).


Windows users:
Windows users on the computer or in a domain are managed by Windows OS tools. Each valid Windows user is therefore authentized by the Windows system and the PROMOTIC system can login such user.
The permissions of a logged-in Windows user to execute protected operations in the PROMOTIC application are defined by assigning the Windows user to corresponding Windows user groups. Windows user group can be linked with corresponding PROMOTIC user group. As a result the logged-in Windows user becomes a member of user groups which then specifies its permissions in the PROMOTIC application.
Configurators:
Use user groups from INI file in in runtimeIf checked, then the users from INI file will be used in runtime.
File with users (INI)The file of the INI type where the users are stored as encrypted text in the [Users] section. The users can be modified also in the running application by the Pm.WndEditUsers method.
The default value is: #cfg:users.ini.
It is recommended to use the PROMOTIC path syntax - see PROMOTIC path to files and folders.
Macro expression can be used for input (it is evaluated after the application is launched).
Login the local user automatically after startThe local user to be logged in automatically after the application is launched. This automated login will be performed without the need to enter the password. If no user is to be logged in automatically after the application is launched, then the substitute local user $NOUSER_LOCAL (default) is set, that represents a local user that is not logged in.
Enable Windows authentication (Windows users)If checked, then also the Windows local and network users can be used in runtime. It is necessary to enter the domain name and add the corresponding Windows groups into user groups. In order to use the Windows user authentication directly in the Web browser, the NTLM authentication must be selected in the "Extended configuration" configurator.
Name or address of the computer (domain) for Windows user authenticationThe name and password of local or network Windows user is verified by Windows resources on selected computer. If the name and password combination is verified as Windows user of such computer then the user is logged in (authentized) and assigned automatically generated user identifier. Then a list of Windows local and global user groups where the Windows user is a member is detected. Based on the list of Windows of user groups a corresponding list of user groups is set for such user. The created logged-in Windows user does not differ from the PROMOTIC logged-in user.
Macro expression can be used for input (it is evaluated after the application is launched).
Groups of users:
AddCreates a new user group.
EditEdit of selected user group.
DeleteDelete of selected user group.
PROMOTIC users:
AddCreates a new PROMOTIC user (local and/or network).
EditEdit of selected PROMOTIC user.
DeleteDelete of selected PROMOTIC user.
See also:
- Users, user groups, permissions and login system
- PmaObject > Permission (tab)
- PROMOTIC user
- Group of users
- PmUser (object)
- Pm properties and methods for users' administration
- PmaRoot.onUserLogonEnd (event)
History:
Pm9.00.18: In the "Name or address of the computer (domain) for Windows user authentication" configurator, the macro expression can be used for entering the value.
Pm9.00.02:
- New "Use user groups from INI file in in runtime" configurator.
- New "Enable Windows authentication (Windows users)" configurator.
- New "Name or address of the computer (domain) for Windows user authentication" configurator.
PROMOTIC 9.0.28 SCADA system documentation MICROSYS, spol. s r.o.

Send page remarkContact responsible person
© MICROSYS, spol. s r.o.