User Manual
Management platform
Access and security
16
214 | 351 CM110664en_07
30 days is exceeded, then the server shuts down. Unless new licenses are made available, after a manual
restart the system again goes into courtesy-mode exceeding and shut down.
Any unauthorized attempt to modify system license data directly in the database (e.g., changing the
remaining time of a specific license mode) shuts down the system.
16.3 Access and security
User management
User privileges can be assigned to users and to workstations, allowing users to be granted the same access
from everywhere or different access depending where they're logged on. The user interface displays only
elements, such as menus, buttons, list items, tree nodes, where the user has at least read access.
Access privileges can be assigned to resources/groups, such as workstations, features, applications,
system objects, system object properties and logical groups of these resources.
User authorization
User access rights in Desigo CC are determined by four main factors:
● The system must know the user (authentication).
● The user must be assigned to a user group.
● The user must have the appropriate application rights.
● The user must have the appropriate scope rights.
If all of these conditions are met, the user can log on to Desigo CC, and read/write objects and execute
tasks, depending on the assigned rights.
See
Desigo CC Engineering Manual
(A6V10415473).
Scopes
Scope is the general term for specific object access in Desigo CC. A scope segments and implements
certain rules for the user role in the project. A user only sees the area of the building assigned to him, e.g.,
pumps, receives only alarms from this area in the event of an emergency and can only acknowledge those
alarms. If an emergency occurs in an area that is not in the scope of this user, e.g., ventilators, the user
does not receive an alarm about this event.
Communication security
In general, communication channels are non-encrypted due to performance reasons. Exceptions are
communication channels for file transfer using web and video transfer. Sensitive data (passwords during
authentication or user management configuration) is transferred as encrypted message content.
Wireless input devices (especially keyboards) use radio transmission that is often not or inadequately
cryptographically protected. Even from greater distances, it is possible to listen in or even plant external
data in the system.
We recommend that you do not use wireless input devices. If you must use wireless input devices, use only
devices with proven encryption.
Communication ports and protocols
Which ports are used depends on the actual deployment and subsystem integration of the whole system.
See
Desigo CC System Description
(A6V10415500).
16.4 Event management
Desigo CC lets you quickly, easily, and accurately respond to any event.
Summary Bar
The Summary Bar contains a summary of the events occurring in the system and lets you quickly access
functions, such as the Event List. It also displays information, such as the system status, the logged in
user, etc. Depending on the client profile in use, the Summary Bar can be docked on the desktop or freely
opened and closed as needed.
Event List
The Event List provides a complete and easily filtered list of events under control of Desigo CC. When the
Event List is expanded, it clearly shows each event source, severity, current status, custom messages and
suggested action steps through the use of text, color, and icon representations. You can acknowledge,
silence, and reset alarms from the Event List.