Академический Документы
Профессиональный Документы
Культура Документы
PMD/PlantScape Server
PMD Users and security
Overview
• By means of security, clear user roles and rules can be created to the
system.
Pulp, Paper, and Printing
14-05-03 2
Targets to be secured
• Display security
• Directory security
• PlantScape
– The setup creates the following users:
• ps_user
• mngr
• engr
• oper
– the PMD setup does not cause any changes to these users, and no
changes are needed because PlantScape users are not within the compass
of the PMDSecurity.
– Limit the use to the minimum.
• DEPARTMENT_Guest (1 piece)
– The password is the same as the user ID.
– Belongs to the PMDGuests and Power Users groups.
– The user has no access to the desktop, but has access to the Start menu
to open HMIWeb only and to log out from the system. Separate scripts are
used for the definition.
• DEPARTMENT_HWSRV (1 piece)
– Honeywell Service user ID. The user ID and the password are stored in the
TOSE Delivery and Production Information system.
– Belongs to the PMDAdministrators, Honeywell Administrators and
Administrators groups.
• PMDGuests
– The user group is intended for guests and other casual users for viewing
data.
– Rights and restrictions:
• The group has the right to call up trends, but is not allowed to create
them.
• The group has the right to call up reports, but is not allowed to create
them.
• The group is not allowed to configure the system, but is allowed to
acknowledge alarms!
• PMDOperators
– The user group is intended for normal process operation.
– Rights and restrictions:
• The group has the right to normal process control operations through
custom displays and faceplates.
• The group has the right to alarm acknowledgement.
• Control parameter modifications and system configuration are not
included in the group’s tasks.
• The user group operates the HMIWeb user interface with the
PlantScape oper user rights.
• PMDEngineers
– The tasks of the user group include system maintenance and planning.
– Rights and restrictions :
• The group is provided with more comprehensive user rights than that
defined for normal process operation.
• Writing right (W) to all process areas.
• Changing process control parameters is not included in the group’s
tasks.
• Rights to system configuration are secured through the Design Module
accounts and by using the PlantScape mngr account.
• PMDManagers
– The tasks of the users in the group include system maintenance and
planning, process control and management of user rights.
– Rights and restrictions:
• Full rights to process operation
• Critical writing rights (CW) to all process areas
• Rights to system configuration are secured through the Design Module
computer accounts and by using the PlantScape mngr account.
• PMD Administrators
– The tasks of the users in the group include the management of the
operating system: user and resource definitions, for example.
– Rights and restrictions:
• The rights of the group comply with that of the PMDManagers group.
• Additionally, the group belongs to the PlantScape Honeywell
Administrators.
NOTE!
It is recommended
to remove users
that not used from
all the
operator and
engineering
stations in
department
• During the project, such users and passwords are used that are known only by
the personnel of the said project. Passwords and their replacements must not
be coordinated between the projects in any way.
• When starting the project, the main engineer creates the users required by the
customer for the computers and sets/changes project-specific passwords for
all users. User groups are assigned the desired rights to process areas.
• User definitions
– Check the user definitions with the customer.
– Make necessary changes as per case.
– Change the passwords of all users remaining in use (incl. administrator)
so that project-specific passwords are discarded.
– Password change is documented in the deed of conveyance to ensure that
the change will be done and documented.
– The main engineer or project manager takes care that the Honeywell
service user and password are stored in the TOSE information system. The
service user notation is dddd_HWSRV.
2. Display security
• Department name, process area and protection level are defined for a display. A
display’s protection level stands for the user authorization level which is
transmitted to the pins included in the display.
3. Security configuration
• A group is assigned rights to a certain process area. The definition indicates
the highest authorization level. The authorization level includes the respective
lower levels. (R = R) (W = W and R) (CW = CW, W and R).
• Blocks that are not provided with a faceplate always connect to the process
area ”DEFPROAREA”. The process area cannot be set.
• The desired process area can be set for blocks that are provided with a
faceplate.
• Block pins are provided with fixed protection levels, which cannot be modified
by the application designer. The standard pin protection levels can be checked
by using the PDS Viewer.