System Privilege Reference for Developers
For programmers: Every general privileges has a negative index number starting at -1. User privileges have an positive index number, starting at 16. The index number can be seen in the Privileges dialog, available from the security menu.
See also: System Privilege Reference for Programmers
--Accounts & Security Configuration--
Role configuration (create, edit, delete) but only if the user also has the Manager privilege and is not part of a realm.
Access the security Options dialog (Administrative Settings) to do any of the following:
- Change the default automatic sign-out time
- Set rules for password complexity.
- Enable Windows Security Integration
- Set the realm delimiter and enable separate realm entry during sign-in.
- Enable signed-out VIC sessions
- Enable OAuth 2.0
- Configure for OpenID Connect.
Security is not enabled unless at least one active user has this privilege.
Access the Accounts dialog and modify accounts other than your own.
To create and modify roles, you must also have the Administrator privilege.
Configure Subordinate Application tags (Must possess the Manager privilege or the Configuration privilege in the subordinate application.)
Open the Accounts dialog to modify your own password. You cannot change your privileges or other settings.
Open the Accounts dialog to view your own settings. You cannot change anything.
*On password expiry, everyone can give themselves a new password, regardless of privileges.
Sign in using a thin client (VIC, Anywhere or Mobile).
Thin Clients: Mobile and Internet
Remote Data Access Privilege (-47)
Use the ODBC (REST) interface to query application data from outside VTScada.
SQL Queries, Excel Add-in for Data Retrieval
Remote Tag Value / History Retrieve Privilege (-54)
Restrict access to the main History table.
Users with Remote Data Access can access SQL Views on a tag-by-tag basis depending on the custom privilege defined for each.
SQL Queries, Excel Add-in for Data Retrieval, SQL View Tag
--Application Control--
Application Stop Privilege (-9)
Stop a running application.
Application Manager View (-40)
Applies only if the application property, HideVAM from users without "Application Manager View" privilege is set.
VTScada Application Manager (VAM)
Switch a service from one server to another.
--Version Control--
Advanced Version Control Privilege (-39)
Open and use the Show Version Log dialog
Deploy Changes Privilege (-15)
Applies only if the application property, "Automatically deploy local changes", is not set on the current workstation. Allows the user to deploy local changes.
Revert Changes Privilege (-16)
Similar to Deploy Changes. Required in order to use the Revert Changes tool in application configuration.
--Application Configuration--
Use the Import File Changes tool.
Manage files in the File Manifest.
Create new pages using the Idea Studio.
View and edit existing, user-created pages in the Idea Studio.
Display Building (Idea Studio)
Delete pages in the Idea Studio. Users must also have the Page Modify privilege.
Tag Parameter View Privilege (-11)
View but not edit properties of other tags.
Not required if the user has the Tag Modify privilege.
Tag Add / Copy Privilege (-20)
Meaningless without the Tag Modify privilege.
Required in order to create new tags.
Required in order to configure tags, including those being created.
Allows the user to delete tags.
Required in order to use any of:
- Create New Type (Tag Browser)
- Redefine Type (Tag Browser)
- Manage Types (Application Configuration dialog. Access to that dialog is restricted to those with the Application Configuration privilege.)
Alarm Acknowledge Privilege (-8)
Acknowledge alarms.
Disable alarms using the right-click menu on a widget.
(Changes through the Tag Browser require the Tag Modify privilege.)
Stop all alarm sounds (current and new) for a user-specified length of time.
Stop all current alarm sounds indefinitely. New alarms will sound.
Shelve selected alarms
Tag Operations
Use the right-click menu of a widget to set the Manual Data value of the linked tag.
Not needed by users who have the Tag Modify privilege.
Use the right-click menu of a widget to change the Questionable flag of the linked tag.
Not needed by users who have the Tag Modify privilege.
Control Outputs Privilege (-48)
Applies only to tags that are not otherwise protected by a custom (user-created) privilege.
Must be granted in order to write values to equipment.
Restrict Access to Output Tags
Able to create locks and to remove locks over which the user has "ownership".
Able to remove any control lock from any tag. This privilege is not limited by lock ownership.
Lock Administrators who do not have the Lock Add / Remove privilege cannot create Control Locks.
Able to request tokens and to release tokens over which the user has "ownership".
Able to release a control token from any tag. This privilege is not limited by token ownership.
Token Administrators do not have the Token Request / Release privilege and cannot request tokens.
Operators with this privilege can add, edit and remove entries in the Contacts list of any Roster tag.
--Historical Data & Notes--
Open the Tag Selector in the Historical Data Viewer (HDV) and select tags or queries.
Does not allow you to save or delete existing groups.
Pen Groups - Save Tag Selections
Save tag selections as named groups in the HDV's Tag Selector dialog.
Operators must also have the Group Modify privilege.
Delete pen groups from the HDV's Tag Selector dialog.
Operators must also have the Group Modify privilege.
Pen Groups - Save Tag Selections
Required in order to create a note in any notebook, any page.
Change properties associated with a pen (tag) in the Historical Data Viewer.
Add or edit data in the grid tab, Raw Data view of the Historical Data Viewer
--Page Access--
Alarm Page Access Privilege (-31)
Open the alarm page.
History Page Access Privilege (-33)
Open the Historical Data Viewer page.
Thin Client Monitor Admin Privilege (-36)
Use tools within the Thin Client Monitor page within an application. Users must also have the Thin Client Monitor Access privilege in order to view that page.
Maps Page Access Privilege (-44)
View maps within an application.
Operator Notes Page Access Privilege (-45)
Open the Operator Notes page.
Users must have the Note Add privilege to create notes.
Reports Page Access Privilege (-32)
Open and use the Reports page.
Sites Page Access Privilege (-43)
Open and use the Sites page. View Site Lists.
Services Page Access Privilege (-55)
Stop a running application.
--Recipe Operations--
Recipe Page Access Privilege (-52)
Open the Recipe page.
To use the page, users must also either or both of Recipe Edit and Run Batch privileges.
Create and modify recipes for batch processing operations.
Start a recipe batch run.
--Miscellaneous--
Global Tag & Area Filter (-49)
Enables the Global Tag & Area Filter button at the top of every page. With this, operators can create their own filters for tag and alarm lists.
Page Note Edit Privilege (-37)
Add, modify and delete page notes.
Page Note Hide Privilege (-38)
Hide page notes from view (temporarily).
Thin Client Monitor Access Privilege (-35)
Open the Thin Client Monitor page within an application.
