Authorization management

Once a human or remote station user is authenticated, authorization to access station components is based upon the permission level assigned to each slot, the category(ies) into which components are grouped, and the role assigned to each user. All configuration is stored in the system database, using services, components, and component views.
Figure 12. Station security configuration includes categories, roles and users
  1. Beginning at the top of the diagram, the permission level may be configured on each component as needed. You change the default permission level for a component by turning the Operator config flag for the slot on or off.
  2. Categories organize components, files and histories into groups. You set up categories using the Category Manager view (CategoryService).
  3. Roles associate permissions to read, write, or invoke an action on a category of system components with a generic name, such as Manager, Foreman or Maintenance crew. You set up roles and permissions using the Role Manager view (RoleService). The New Station wizard installs the Admin role. This special super user cannot be modified or configured, and does not appear in the Role Manager.
  4. Human and machine users are assigned to roles for the purpose of granting users the right to read, write and invoke actions on components. You assign roles to individual users using the User Manager view (UserService).
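
The decision described in steps 1 to 4, as a simplified model for auditing who can reach a slot. This is an added example, not the product's code or part of the original page. It assumes two permission levels (operator and admin) selected per slot by the Operator config flag, that an admin-level grant also satisfies operator-level slots, and that access is denied by default; the component, slot, category and user names are constructed.

```python
from dataclasses import dataclass, field

# Assumed model: two permission levels; an admin-level grant also covers operator-level slots.
OPERATOR, ADMIN = 1, 2
ACTIONS = ("read", "write", "invoke")

@dataclass
class Component:
    name: str
    categories: set        # categories the component is grouped into
    operator_slots: dict   # slot name -> Operator config flag (True = on)

@dataclass
class Role:
    name: str
    grants: dict = field(default_factory=dict)  # category -> {action: level}
    super_user: bool = False                     # models the built-in Admin role

def is_authorized(roles, component, slot, action):
    """Default deny: allow only if some role grants the action, on one of the
    component's categories, at the level the slot requires."""
    if slot not in component.operator_slots or action not in ACTIONS:
        return False
    required = OPERATOR if component.operator_slots[slot] else ADMIN
    for role in roles:
        if role.super_user:
            return True
        for cat in role.grants.keys() & component.categories:
            if role.grants[cat].get(action, 0) >= required:
                return True
    return False

def who_can(users, component, slot, action):
    """Audit helper: names of users whose roles allow the action on the slot."""
    return sorted(name for name, roles in users.items()
                  if is_authorized(roles, component, slot, action))

# Constructed sample configuration (hypothetical names).
ahu = Component("AHU1", {"HVAC"}, {"setpoint": True, "tuningGain": False})
admin = Role("Admin", super_user=True)
foreman = Role("Foreman", {"HVAC": {"read": ADMIN, "write": OPERATOR, "invoke": OPERATOR}})
maintenance = Role("Maintenance crew", {"HVAC": {"read": OPERATOR}, "Lighting": {"write": ADMIN}})
users = {"alice": [admin], "bob": [foreman], "carol": [maintenance], "dave": []}
```

Running `who_can` over every admin-level slot is a quick way to review which accounts hold more than operator access before a role is handed out.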