System Privilege Reference for Programmers
The following is a list of general privileges for the current implementation.
Constants must be preceded by \SecurityManager\ unless you have imported the API as described in The SecurityManager API.
General privilege numbers are <= 0. Custom privilege numbers are >= 16.
The table is complete. Missing values are deprecated privileges.
System Privilege Reference for Developers
|
System Privilege |
Constant |
Value |
Description |
|---|---|---|---|
|
Configure |
PrivBitConfigure |
0 |
Permits access to the Application and Configuration dialog, the Import File Changes button on the VAM and the right to delete applications. |
|
Account View |
PrivBitAccountView |
-1 |
Allows users to view (but not modify) their own privileges. |
|
Account Modify |
PrivBitAccountModify |
-2 |
Allows users to modify their own password, but does not allow them to modify their account privileges. |
|
Accounts Manager |
PrivBitManager |
-3 |
Permits manipulation of the Account List. Allows the user to add, copy, delete, and modify user accounts. |
|
Security Administrator |
PrivBitAdministrator |
-4 |
Permits access to the Administrative Settings dialog and modification of administrative functions. Also required to modify security roles. |
|
Alarm Disable |
PrivBitAlarmInhibit |
-5 |
Allows operators to disable alarms. |
|
Manual Data |
PrivBitManualData |
-6 |
Set or change the Manual Data value of a tag without having the Tag Modify privilege. |
|
Questionable |
PrivBitQuestionable |
-7 |
Change the Questionable flag of a tag without having the Tag Modify privilege. |
|
Alarm Acknowledge |
PrivBitAlarmAck |
-8 |
Allows operators to acknowledge alarms. |
|
Application Stop |
PrivBitAppClose |
-9 |
Allows users to stop the application |
|
Tag Parameter View |
PrivBitParamView |
-11 |
Allows users who do not have the Tag Modify privilege to view tag parameters. |
|
Edit Files |
PrivBitEditFiles |
-14 |
Allows users to change files through the Application Configuration dialog. Also required for the Compile button on the VAM. (Formerly called "Remove File") |
|
Deploy Changes |
PrivBitDeploy |
-15 |
Allows users to perform updates through the Application Configuration dialog. |
|
Revert Changes |
PrivBitRevert |
-16 |
Allows users to perform rollbacks through the Application Configuration dialog. |
|
Page Add |
PrivBitPageAdd |
-17 |
Allows users to add pages through the Idea Studio. |
|
Page Modify |
PrivBitPageModify |
-18 |
Allows users to modify page properties through the Idea Studio. |
|
Page Delete |
PrivBitPageDelete |
-19 |
Allows users to delete pages through the Idea Studio. |
|
Tag Add/Copy |
PrivBitTagAddCopy |
-20 |
Allows users to add or copy tags through the Tag Browser. Tag Modify also required. |
|
Tag Modify |
PrivBitTagModify |
-21 |
Allows users to modify tag properties through the Tag Browser. |
|
Tag Delete |
PrivBitTagDelete |
-22 |
Allows users to delete tags through the Tag Browser. |
|
Thin Client Access |
PrivBitInternetClient |
-23 |
Allows users to make connections to a Thin Client Server using a thin client. |
|
Alarm Mute |
PrivBitAlarmMute |
-24 |
Allows users to use the Mute button on the Alarm page to mute all current and future alarms. |
|
Alarm Silence |
PrivBitAlarmSilence |
-25 |
Allows users to use the Silence button on the Alarm page to silence the sounding alarm. |
|
Group Modify |
PrivBitHDVGroupModify |
-26 |
Allows the user to modify pen groups for the Historical Data Viewer page. |
|
Group Save |
PrivBitHDVGroupSave |
-27 |
Allows the user to save pen groups for the Historical Data Viewer page. |
|
Group Delete |
PrivBitHDVGroupDelete |
-28 |
Allows the user to delete pen groups for the Historical Data Viewer page. |
|
Pen Modify |
PrivBitHDVPenModify |
-29 |
Allows the user to modify pen properties for the Historical Data Viewer page. |
|
Note Add |
PrivBitNoteAdd |
-30 |
Allows the user to add notes to a notebook tag using the Historical Data Viewer page. |
|
Alarm Page Access |
PrivBitAlarmPageAccess |
-31 |
Allows the user to access the Alarm page. |
|
Reports Page Access |
PrivBitReportsPageAccess |
-32 |
Allows the user to access the Reports page. |
|
History Page Access |
PrivBitHDVAccess |
-33 |
Allows the user to access the Historical Data Viewer page. |
|
Thin Client Tools Access |
PrivBitVICTools |
-34 |
Deprecated |
|
Thin Client Monitor Access |
PrivBitVICMonitorView |
-35 |
Allows a user at a thin client connection other than the MIC to view the Thin Client Monitor page. |
|
Thin Client Monitor Admin |
PrivBitVICMonitorAdmin |
-36 |
Allows a user at a thin client connection other than the MIC to operate the Thin Client Monitor page. |
|
Page Note Edit |
PrivBitPageNoteEdit |
-37 |
Allows a user to add, edit or delete page notes. |
|
Page Note Hide |
PrivBitPageNoteHide |
-38 |
Allows a user to make page notes hide without deleting them. |
|
Advanced Version Control |
PrivBitVersionControl |
-39 |
Allows a user to switch or revert versions in the Version Log. |
|
Application Manager View |
PrivBitVAMView |
-40 |
Allows users to view the VAM when the Setup.INI property, HideWAM, is set to TRUE. |
| Manage Tag Types | PrivBitManageTagTypes | -41 | Allows use of "Create new type" and "Redefine type" in the Tag Browser. Allows use of "Manage Types" in the Application Configuration dialog. |
| Alarm Shelve | PrivBitAlarmShelve | -42 | Enables operators to shelve alarms, leaving them enabled but deactivating all notifications. |
| Sites Page Access | PrivBitSitesPageAccess | -43 | Allows a user to open a Sites page. |
| Maps Page Access | PrivBitMapPageAccess | -44 | Allows a user to open a map |
| Operator Notes Page Access | PrivBitOpNotesPageAccess | -45 | Allows a user to open the Operator Notes page. |
| Edit Data | PrivBitEditData | -46 | Edit historical data by creating overrides. |
| Remote Data Access | PrivBitRemoteDataAccess | -47 | User may retrieve data via SOAP or REST |
| Control Outputs | PrivBitControlOutputs | -48 | Deny output operations for all I/O tags not otherwise protected by a custom privilege. |
| Global Tag & Area Filter | PrivButUserFilter | -49 | Filter tag and alarm lists by tag name and by area. |
| Recipe Edit | PrivBitRecipeEdit | -50 | Change recipes |
| Batch Run | PrivBitBatchRun | -51 | Start recipe batches |
| Recipe Page Access | PrivBitRecipePageAccess | -52 | Open the Recipe & Batch Management Page |
| Edit Roster Contacts | PrivBitEditRosterContacts | -53 | Edit contacts in Roster tags. |
| Remote Tag Value / History Retrieve | PrivBitRemoteTagHistRetrieve | -54 | Restricts access to the main History table when making remote queries. (Access to defined SQL Views can permitted on a tag-by-tag basis.) |
| Services Page Access | PrivBitServicesPageAccess | -55 | User may access the Services page |
| Server Change | PrivBitSwitchServers | -56 | User may force a service to change servers |
| Lock Add/Remove | PrivBitLockAddRemove | -57 | User can create Control Locks and can remove Control Locks over which the user has "ownership" |
| Lock Admin | PrivBitLockAdmin | -58 | User can remove any Control Lock |
| Token Request/Release | PrivBitTokenRequestRelease | -59 | |
| Token Admin | PrivBitTokenAdmin | -60 | Able to release a control token from any tag. |
Three other constants are defined, which are duplicates of values in the above table. These exist for backward compatibility.
PrivBitRemoveFile == PrivBitEditFiles
PrivBitUpdate == PrivBitDeploy
PrivBitRollback == PrivBitRevert
