Assigning “read permissions” to the station user BACnet is not necessary—BACnet server access is automatic to external BACnet client requests. However, to allow any external writes (from BACnet) to properties of exported components, including invoking commands (actions), you must assign the BACnet user the necessary permissions to those components.

For example, to allow an invoked “Active” action from BACnet to an exported BooleanWritable, in addition to making it “BACnet Writable” at priority level 8 when exporting (see Add (and Edit) in Bacnet Export Manager), you must configure the station’s BACnet user to have operator write permissions on that BooleanWritable, at a minimum. Or, if an exported NumericWritable has an alarm extension, and you want to permit external BACnet writes to its “alarm limit” values, configure the BACnet user to have admin write permissions on the exported NumericWritable.

In either example, to allow an external BACnet write to a property like “Out Of Service” or “Notify Type,” you must give the BACnet user admin write permissions on the Bacnet export descriptors. For details about station user security, see “About Security” in the User Guide.

BACnet user permissions also apply to writes of any exported files and histories. Also, note that while a password for the BACnet user is technically not needed (for external BACnet access), you should assign one anyway, because of the write permissions typically assigned. Make it a “non-blank” password, and guard this password carefully!