System Privilege Reference for Programmers

The following is a list of general privileges for the current implementation.

Constants must be preceded by \SecurityManager\ unless you have imported the API as described in The SecurityManager API.

General privilege numbers are <= 0.  Custom privilege numbers are >= 16.

The table is complete. Missing values are deprecated privileges.

System Privilege

Constant

Value

Description

       

Configure

PrivBitConfigure

0

Permits access to the Application and Configuration dialog, the Import File Changes button on the VAM and the right to delete applications.

Account View

PrivBitAccountView

-1

Allows users to view (but not modify) their own privileges.

Account Modify

PrivBitAccountModify

-2

Allows users to modify their own password, but does not allow them to modify their account privileges.

Accounts Manager

PrivBitManager

-3

Permits manipulation of the Account List. Allows the user to add, copy, delete, and modify user accounts.

Security Administrator

PrivBitAdministrator

-4

Permits access to the Administrative Settings dialog and modification of administrative functions. Also required to modify security roles.

Alarm Disable

PrivBitAlarmInhibit

-5

Allows operators to disable alarms.

Manual Data

PrivBitManualData

-6

Set or change the Manual Data value of a tag without having the Tag Modify privilege.

Questionable

PrivBitQuestionable

-7

Change the Questionable flag of a tag without having the Tag Modify privilege.

Alarm Acknowledge

PrivBitAlarmAck

-8

Allows operators to acknowledge alarms.

Application Stop

PrivBitAppClose

-9

Allows users to stop the application

Tag Parameter View

PrivBitParamView

-11

Allows users who do not have the Tag Modify privilege to view tag parameters.

Edit Files

PrivBitEditFiles

-14

Allows users to change files through the Application Configuration dialog. Also required for the Compile button on the VAM. (Formerly called "Remove File")

Deploy Changes

PrivBitDeploy

-15

Allows users to perform updates through the Application Configuration dialog.

Revert Changes

PrivBitRevert

-16

Allows users to perform rollbacks through the Application Configuration dialog.

Page Add

PrivBitPageAdd

-17

Allows users to add pages through the Idea Studio.

Page Modify

PrivBitPageModify

-18

Allows users to modify page properties through the Idea Studio.

Page Delete

PrivBitPageDelete

-19

Allows users to delete pages through the Idea Studio.

Tag Add/Copy

PrivBitTagAddCopy

-20

Allows users to add or copy tags through the Tag Browser. Tag Modify also required.

Tag Modify

PrivBitTagModify

-21

Allows users to modify tag properties through the Tag Browser.

Tag Delete

PrivBitTagDelete

-22

Allows users to delete tags through the Tag Browser.

Thin Client Access

PrivBitInternetClient

-23

Allows users to make connections to a Thin Client Server using a thin client.

Alarm Mute

PrivBitAlarmMute

-24

Allows users to use the Mute button on the Alarm page to mute all current and future alarms.

Alarm Silence

PrivBitAlarmSilence

-25

Allows users to use the Silence button on the Alarm page to silence the sounding alarm.

Group Modify

PrivBitHDVGroupModify

-26

Allows the user to modify pen groups for the Historical Data Viewer page.
If denied, then Group Delete and Group Save are also effectively denied.

Group Save

PrivBitHDVGroupSave

-27

Allows the user to save pen groups for the Historical Data Viewer page.

Group Delete

PrivBitHDVGroupDelete

-28

Allows the user to delete pen groups for the Historical Data Viewer page.

Pen Modify

PrivBitHDVPenModify

-29

Allows the user to modify pen properties for the Historical Data Viewer page.

Note Add

PrivBitNoteAdd

-30

Allows the user to add notes to a notebook tag using the Historical Data Viewer page.

Alarm Page Access

PrivBitAlarmPageAccess

-31

Allows the user to access the Alarm page.

Reports Page Access

PrivBitReportsPageAccess

-32

Allows the user to access the Reports page.

History Page Access

PrivBitHDVAccess

-33

Allows the user to access the Historical Data Viewer page.

Thin Client Tools Access

PrivBitVICTools

-34

Deprecated

Thin Client Monitor Access

PrivBitVICMonitorView

-35

Allows a user at a thin client connection other than the MIC to view the Thin Client Monitor page.

Thin Client Monitor Admin

PrivBitVICMonitorAdmin

-36

Allows a user at a thin client connection other than the MIC to operate the Thin Client Monitor page.

Page Note Edit

PrivBitPageNoteEdit

-37

Allows a user to add, edit or delete page notes.

Page Note Hide

PrivBitPageNoteHide

-38

Allows a user to make page notes hide without deleting them.

Advanced Version Control

PrivBitVersionControl

-39

Allows a user to switch or revert versions in the Version Log.

Application Manager View

PrivBitVAMView

-40

Allows users to view the VAM when the Setup.INI property, HideWAM, is set to TRUE.

Manage Tag Types PrivBitManageTagTypes -41 Allows use of "Create new type" and "Redefine type" in the Tag Browser. Allows use of "Manage Types" in the Application Configuration dialog.
Alarm Shelve PrivBitAlarmShelve -42 Enables operators to shelve alarms, leaving them enabled but deactivating all notifications.
Sites Page Access PrivBitSitesPageAccess -43 Allows a user to open a Sites page.
Maps Page Access PrivBitMapPageAccess -44 Allows a user to open a map
Operator Notes Page Access PrivBitOpNotesPageAccess -45 Allows a user to open the Operator Notes page.
Edit Data PrivBitEditData -46 Edit historical data by creating overrides.
Remote Data Access PrivBitRemoteDataAccess -47 User may retrieve data via SOAP or REST
Control Outputs PrivBitControlOutputs -48 Deny output operations for all I/O tags not otherwise protected by a custom privilege.
Global Tag & Area Filter PrivButUserFilter -49 Filter tag and alarm lists by tag name and by area.
Recipe Edit PrivBitRecipeEdit -50 Change recipes
Batch Run PrivBitBatchRun -51 Start recipe batches
Recipe Page Access PrivBitRecipePageAccess -52 Open the recipe page
Edit Roster Contacts PrivBitEditRosterContacts -53 Edit contacts in Roster tags.
Remote Tag Value / History Retrieve PrivBitRemoteTagHistRetrieve -54 Restricts access to the main History table when making remote queries.
(Access to defined SQL Views can permitted on a tag-by-tag basis.)
Services Page Access PrivBitServicesPageAccess -55 User may access the Services page
Server Change PrivBitSwitchServers -56 User may force a service to change servers
Lock Add/Remove PrivBitLockAddRemove -57 User can create Control Locks and can remove Control Locks over which the user has "ownership"
Lock Admin PrivBitLockAdmin -58 User can remove any Control Lock
Token Request/Release PrivBitTokenRequestRelease -59  
Token Admin PrivBitTokenAdmin -60 Able to release a control token from any tag.

Three other constants are defined, which are duplicates of values in the above table. These exist for backward compatibility.

PrivBitRemoveFile == PrivBitEditFiles

PrivBitUpdate == PrivBitDeploy

PrivBitRollback == PrivBitRevert