System components are protected objects. Each is grouped by category. Once a human or other station (machine user) is authenticated, authorization to access station components depends on the user’s assigned role.

Each role defines a permissions map to the component category groupings. Permissions define access rights (the right to read-only, read and write, and invoke action) to each category. In addition, each role identifies which nodes of the station hierarchy are visible. The Admin role provides a user super-user permissions and access to all hierarchies.

The systems integrator (initial system installer) usually sets up component categories, roles, hierarchies, and users. The facility manager maintains these security constructs.

These features ensure that all users, human and machine, can access the services and components intended for them. All other services and components remain protected.

In addition to restricting access based on need-to-know (role, hierarchy and user), when a valid user remains logged in, but inactive for a period of time, the system automatically logs the valid user out to prevent unauthorized access by someone else.