Users - tab of the PmaRoot object

Users and user groups definition, see Users, user groups, permissions and login system.

Groups of users:
The group of users represents local or network users (PROMOTIC or Windows), having certain level of permission in secured applications (they are authorized to perform only specific operations class in the running application). The number of specific groups of users (different authorization levels) is arbitrary. Any local or network PROMOTIC user and also Windows user group can be assigned to certaing group of users. Each user can be a member of multiple groups of users simultaneously. Including the user into a group of users grants the user permissions to perform some secured actions in the running application. If the groups of users are used for application security (not only the single users), then it is possible to flexibly add/remove users in these groups of users while the application itself stays unchanged (it is even possible to manage the users in the running application, by the Pm.WndEditUsers method). It is very handy for the enduser allowing to reflect the personal changes in the user crew (new users comming, old users leaving, etc.). Assigning the users into groups of users is done directly at the user workstations, listing the groups the user is member of. The group of users is allways created in the PRA file.

The criteria are set for all PROMOTIC users (local and network) that have to be met on log-on by the user so as he would be accepted by the system. The most important are the login name and password. The verification of the user's identity is crucial for the following users access limitation to critical parts of the application by creating permissions at individual parts of the application or by scripts. In order to limit the access of each user into the critical parts of the application the user groups are used (also the user priority can be used for this purpose).
Way of storing the PROMOTIC user configuration into the file:
1) PRA - The configuration of these PROMOTIC users is placed directly in the application project. These users can be configured only in the development environment (it means that for the possible change, it is necessary to switch to the development mode).
2) INI - The configuration of these PROMOTIC users is placed in encrypted text in the [Users] section in the INI file set in the "File with users (INI)" configurator. these users can be configured both in the development environment and in the running application by the Pm.WndEditUsers method in the edit user window or by means of Pm.AddUser and Pm.RemoveUser methods.
3) TMP - The configuration of these PROMOTIC users is not persistently stored and they exist temporarily in the memory. It means that they are destroyed when application stop. These users can be configured only in the running application either by the Pm.WndEditUsers method in the edit user window or directly by means of Pm.AddUser and Pm.RemoveUser methods.

1) Local user - The user controls directly the application from the computer on which the application runs. It is supposed that an authorized user will provide critical operations in the login state (it means that he will be logged on from his arrival to the computer or he logs on before protected operations in the application).
2) Network user - The user is connected to the remote application (e.g. the network browsing events, alarms, trends, etc. over the HTTP protocol).

Windows users:
Windows users on a computer or in a domain are managed by Windows OS tools. Each valid Windows user is therefore authentized by the Windows system and the PROMOTIC system can login such user.
The permissions of a logged-in Windows user to execute protected operations in the PROMOTIC application are defined by assigning the Windows user to corresponding Windows user groups. Windows user group can be linked with corresponding PROMOTIC user group. As a result the logged-in Windows user becomes a member of user which then defines its permissions in the PROMOTIC application.
Use user groups from INI file in in the runtime modeIf checked, then the users from INI file will be used in the runtime mode.
File with users (INI)The file of the INI type where the users are stored as encrypted text in the [Users] section. The users can be modified also in the running application by the Pm.WndEditUsers method. The default value is: #cfg:users.ini.
It is recommended to use the PROMOTIC path syntax - see PROMOTIC path to files and folders.
Login the local user automatically after startThe local user to be logged in automatically after starting the application. This automated login will be performed withou the need to enter the password. If no user is to be logged in automatically after starting the application, then the substitute local user $NOUSER_LOCAL (default) is set, that represents a local user that is not logged in.
Enable Windows authentication (Windows users)If checked, then also the Windows local and network users can be used in in the runtime mode. It is necessary to enter the domain name and add the corresponding Windows groups into user groups. In order to use the Windows user authentication directly in the Web browser, the NTLM authentization must be selected in the "Extended configuration" configurator.
Name or address of a computer (domain) for Windows user authenticationThe name and password of local or network Windows user is verified by Windows resources on selected computer. If the name and password combination is verified as Windows user of such computer then the user is logged in (authentized) and assigned automatically generated user identifier. Then a list of Windows local and global user groups where the Windows user is a member is detected. Based on the list of Windows groups of users a corresponding list of groups of users is set for such user. The created logged-in Windows user does not differ from the PROMOTIC logged-in user.
Groups of users:
AddCreates a new group of users.
EditEdit of selected group of users.
DeleteDelete of selected group of users.
AddCreates a new PROMOTIC user (local and/or network).
EditEdit of selected PROMOTIC user.
DeleteDelete of selected PROMOTIC user.

PROMOTIC 9.0.17 SCADA system documentation - MICROSYS, spol. s r.o.

Send page remarkContact responsible person
© MICROSYS, spol. s r. o.Tavičská 845/21 703 00 Ostrava-Vítkovice