Rapid SCADA supports three methods of user authentication:
To perform authentication, a client application, for example, Communicator or Webstation, sends the Server application a request to validate the user name and password. The Server checks the user credentials and returns the user role to the client application.
The standard user roles and their capabilities are listed in the following table.
| 0 | Disabled | Access to the system is denied |
| 2 | Dispatcher | Viewing all information, sending commands |
| 3 | Guest | Viewing all information |
| 4 | Application | Interacting with the Server application |
To restrict user access to interface objects (table views, schemes, etc.), create new user roles in the Roles table in the configuration database. Then specify access rights in the Rights table.
If Rapid SCADA operates in a network that is managed by Active Directory, it is recommended to use the 2nd and the 3rd authentication methods for security reasons. The details of these methods are described below.
To allow the Server application to interact with Active Directory, specify the domain controller path and tick the nearby checkbox on the Common Parameters page of the application.
The 2nd authentication method is used if the standard roles are enough to manage user rights. The benefit of this method is that rights management is performed using the usual Active Directory tools, without editing the configuration database and restarting the Server application.
To use the 2nd method, create the security groups in Active Directory. The groups correspond to the user roles:
If a user is a member of one of the listed groups, or a member of a group that is itself a member of one of the listed groups, the user is granted the appropriate rights in Rapid SCADA.
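Because nested membership also grants a role, reviewing only the direct members of the role groups misses accounts. The following audit sketch is an added example, not Rapid SCADA code: it walks an exported membership map transitively and reports nested grants. The group names are placeholders, the directory data is constructed, and flagging accounts that reach more than one role group is an assumption, since the page does not state which role takes precedence.

```python
from collections import deque

# Placeholder group names (assumption); role IDs come from the role table above.
ROLE_GROUPS = {
    "<DISPATCHER_GROUP>": 2,   # Dispatcher
    "<GUEST_GROUP>": 3,        # Guest
    "<APPLICATION_GROUP>": 4,  # Application
}

# Constructed sample: principal -> groups it is a direct member of.
MEMBER_OF = {
    "alice": {"<DISPATCHER_GROUP>"},
    "bob": {"ShiftB"},
    "ShiftB": {"Operators"},
    "Operators": {"<DISPATCHER_GROUP>", "ShiftB"},  # nesting cycle on purpose
    "carol": {"Contractors"},
    "Contractors": {"<GUEST_GROUP>"},
    "dave": {"Contractors", "Operators"},
    "svc_comm": {"<APPLICATION_GROUP>"},
    "erin": {"Finance"},
}
USERS = ["alice", "bob", "carol", "dave", "svc_comm", "erin"]

def effective_roles(principal, member_of=MEMBER_OF):
    """Return {role_id: shortest membership chain} for each reachable role group."""
    found, seen = {}, {principal}
    queue = deque([[principal]])
    while queue:
        chain = queue.popleft()
        for group in sorted(member_of.get(chain[-1], ())):
            if group in seen:  # visited already; this also breaks nesting cycles
                continue
            seen.add(group)
            if group in ROLE_GROUPS:
                found[ROLE_GROUPS[group]] = chain + [group]
            queue.append(chain + [group])
    return found

def audit(users):
    """List grants that a review of direct role-group members would miss."""
    findings = []
    for user in users:
        roles = effective_roles(user)
        for role_id, chain in sorted(roles.items()):
            if len(chain) > 2:  # reached through at least one intermediate group
                findings.append((user, role_id, "nested: " + " > ".join(chain)))
        if len(roles) > 1:  # the page states no precedence, so flag for review
            findings.append((user, None, "multiple roles: %s" % sorted(roles)))
    return findings
```

Calling `audit(USERS)` on the sample data reports `bob`, `carol` and `dave`; in a real review, `MEMBER_OF` would be filled from a directory export.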
The 3rd method combines the capabilities of the 1st and the 2nd methods. The user credentials check is performed by Active Directory, and the user role is defined by the Users table of the configuration database. In this case, user names and user roles are defined in the Users table, but user passwords are kept blank in the table.
Simultaneous use of all the above authentication methods is allowed.