Profile

The Profile object is used for inmation authentication (this authentication method is also known as "Profile Credentials"). Profile objects can be used to authenticate access to the system by clients and external APIs. This object is the highest level object in the Access Model. The Profile object can be dragged and dropped onto objects in other Model Panels to set object level security permissions.

Use Cases

  • Assigning object security.

Quick Configuration

  1. Right-click on the Access Model, select New  Profile.

  2. Enter an Object Name in the Common page of Create Profile wizard.

  3. Change Administrative Role to "Administrator" if you want the Profile to have full administrative rights (equivalent to the system owner "so" profile). If selected, then the other General and Model authorization options will be greyed out as they are all applied. Change to "Reviewer" if you want to grant read-only administrative access to all models (except the Access Model). Check the AdministrativeGroup codings for available options.

  4. Expand the General Authorization section and select the authorization access for the profile from the available options.

    Selecting Datastudio means the profile can be used to login to the system using DataStudio. Selecting External API means that the external APIs (for example, the WebAPI) can use the profile to access the system. Selecting the other OPC options means that the profile can be used to access the system using the respective OPC clients.
  5. Expand the Model Authorization section and select the model panel access for the profile from the available options.

  6. Expand the Audit Trail Authorization section and select an Audit Trail authorization role for the profile (if required).

  7. Click Create to create the object in the Access Model.

For more information on how to configure a Profile in DataStudio, please visit How to Create a Profile.

Object Properties

Common

Object Name

The user-modifiable object name. This name overrides the name which has been supplied by the external system. It must be unique within the collection of objects of the parent object.

Object Description

This is the user-modifiable object description. This text overrides the description which has been supplied by the external system.

Administrative Role

Check this if the users role shall be used for administrative access. If a Role does not have this option checked it is not possible to allow assigned users or groups administrative rights for objects in the system.

  • None: No administrative access.

  • Administrator: Full administrative access.

  • Reviewer: Read-only administrative access.

General Access Rights

This option group defines the general access rights for users belonging to the profile.

  • DataStudio: If this Right is granted, users who belong to this profile may access the System using the DataStudio application.

  • External API: If this Right is granted, users who belong to this profile may access the system using the external API.

  • OPC DA Connections: If this Right is granted, users who belong to this profile may access the system using OPC DA client applications.

  • OPC HDA Connections: If this right is granted, users who belong to this profile may access the system using OPC HDA client applications, fetching Historical Data.

  • OPC A&E Connections: If this Right is granted, users who belong to this profile may access the aystem using OPC A&E Client applications, thus fetching Alarm & Event Data.

  • OPC UA Connections: If this right is granted, users who belong to this profile may access the system using OPC UA client applications.

Model Access Rights

The access rights to this model.

  • I/O Model: The I/O system comprises all classes required for managing external data sources and persistent data storage including Time Series and A&E historization.

  • System model: The system model organizes interfaces and distinct data sources in a logical systems model, defines logical namespaces, redundancy and priorities as well as custom vendor and system settings.

  • KPI Model: The KPI model comprises all classes which relate to key performance indicators and their organization.

  • Access Model: The Access Model consists of all classes that allow for setting security permissions to other models and classes. It supplies the features which are required to create and maintain a secure Information Management System.

  • Server Model: The Server Model lets you manage external Server interfaces of system:inmation and the assignment of other models to the namespace of particular Servers.

  • ISA-95 Equipment Model: The ANSI/ISA95 Equipment Model may be definitions of sites, areas, production units, production lines, work cells, process cells, or units.

  • ISA-95 Material Model: The ANSI/ISA95 Material Model defines the actual materials, material definitions, and information about classes of material definitions.

  • **:

  • **:

Audit Trail Role

The roles a user has in managing and viewing Audit Trail.

  • Administrator: The user is allowed to enable and disable Audit Trail and can update the auditing strategy.

  • System-wide Reviewer: The user is allowed to view Audit Trail for the whole system.

  • Limited Reviewer: The user is allowed to view Audit Trail for the objects that they have 'Read' access to.

Profile Credentials

Profile Credentials used for built-in authentication.

Available

The feature is available.

Password

Password.

Custom Options

Compound to hold various structures to customize the object and to be read and written to by Lua-Script code or external interfaces.

Custom String

A generic string buffer to be used programmatically for custom purposes.

Custom Properties

This is an extensible set of named strings which can be used programmatically for custom purposes.

Property Name

A custom property name which can be used programmatically.

Property Value

The value of the custom property which can be read and written programmatically.

Custom Tables

This is an extensible set of named tables which can be used programmatically for custom purposes.

Table Name

A custom table name which can be used programmatically.

Table Data

Handles an entire table organized in columns and rows. The data can easily (cut, copy and paste) be exchanged with table-oriented data of other software products, e.g. MS Excel.