System Privilege Reference for Programmers
The following is a list of general privileges for the current implementation.
Constants must be preceded by \SecurityManager\ unless you have imported the API as described in The SecurityManager API.
General privilege numbers are <= 0. Custom privilege numbers are >= 16.
The table is complete. Missing values are deprecated privileges.
System Privilege Reference for Developers
System Privilege |
Constant |
Value |
Description |
---|---|---|---|
Configure |
PrivBitConfigure |
0 |
Permits access to the Application and Configuration dialog, the Import File Changes button on the VAM and the right to delete applications. |
Account View |
PrivBitAccountView |
-1 |
Allows users to view (but not modify) their own privileges. |
Account Modify |
PrivBitAccountModify |
-2 |
Allows users to modify their own password, but does not allow them to modify their account privileges. |
Accounts Manager |
PrivBitManager |
-3 |
Permits manipulation of the Account List. Allows the user to add, copy, delete, and modify user accounts. |
Security Administrator |
PrivBitAdministrator |
-4 |
Permits access to the Administrative Settings dialog and modification of administrative functions. Also required to modify security roles. |
Alarm Disable |
PrivBitAlarmInhibit |
-5 |
Allows operators to disable alarms. |
Manual Data |
PrivBitManualData |
-6 |
Set or change the Manual Data value of a tag without having the Tag Modify privilege. |
Questionable |
PrivBitQuestionable |
-7 |
Change the Questionable flag of a tag without having the Tag Modify privilege. |
Alarm Acknowledge |
PrivBitAlarmAck |
-8 |
Allows operators to acknowledge alarms. |
Application Stop |
PrivBitAppClose |
-9 |
Allows users to stop the application |
Tag Parameter View |
PrivBitParamView |
-11 |
Allows users who do not have the Tag Modify privilege to view tag parameters. |
Edit Files |
PrivBitEditFiles |
-14 |
Allows users to change files through the Application Configuration dialog. Also required for the Compile button on the VAM. (Formerly called "Remove File") |
Deploy Changes |
PrivBitDeploy |
-15 |
Allows users to perform updates through the Application Configuration dialog. |
Revert Changes |
PrivBitRevert |
-16 |
Allows users to perform rollbacks through the Application Configuration dialog. |
Page Add |
PrivBitPageAdd |
-17 |
Allows users to add pages through the Idea Studio. |
Page Modify |
PrivBitPageModify |
-18 |
Allows users to modify page properties through the Idea Studio. |
Page Delete |
PrivBitPageDelete |
-19 |
Allows users to delete pages through the Idea Studio. |
Tag Add/Copy |
PrivBitTagAddCopy |
-20 |
Allows users to add or copy tags through the Tag Browser. Tag Modify also required. |
Tag Modify |
PrivBitTagModify |
-21 |
Allows users to modify tag properties through the Tag Browser. |
Tag Delete |
PrivBitTagDelete |
-22 |
Allows users to delete tags through the Tag Browser. |
Thin Client Access |
PrivBitInternetClient |
-23 |
Allows users to make connections to a Thin Client Server using a thin client. |
Alarm Mute |
PrivBitAlarmMute |
-24 |
Allows users to use the Mute button on the Alarm page to mute all current and future alarms. |
Alarm Silence |
PrivBitAlarmSilence |
-25 |
Allows users to use the Silence button on the Alarm page to silence the sounding alarm. |
Group Modify |
PrivBitHDVGroupModify |
-26 |
Allows the user to modify pen groups for the Historical Data Viewer page. |
Group Save |
PrivBitHDVGroupSave |
-27 |
Allows the user to save pen groups for the Historical Data Viewer page. |
Group Delete |
PrivBitHDVGroupDelete |
-28 |
Allows the user to delete pen groups for the Historical Data Viewer page. |
Pen Modify |
PrivBitHDVPenModify |
-29 |
Allows the user to modify pen properties for the Historical Data Viewer page. |
Note Add |
PrivBitNoteAdd |
-30 |
Allows the user to add notes to a notebook tag using the Historical Data Viewer page. |
Alarm Page Access |
PrivBitAlarmPageAccess |
-31 |
Allows the user to access the Alarm page. |
Reports Page Access |
PrivBitReportsPageAccess |
-32 |
Allows the user to access the Reports page. |
History Page Access |
PrivBitHDVAccess |
-33 |
Allows the user to access the Historical Data Viewer page. |
Thin Client Tools Access |
PrivBitVICTools |
-34 |
Deprecated |
Thin Client Monitor Access |
PrivBitVICMonitorView |
-35 |
Allows a user at a thin client connection other than the MIC to view the Thin Client Monitor page. |
Thin Client Monitor Admin |
PrivBitVICMonitorAdmin |
-36 |
Allows a user at a thin client connection other than the MIC to operate the Thin Client Monitor page. |
Page Note Edit |
PrivBitPageNoteEdit |
-37 |
Allows a user to add, edit or delete page notes. |
Page Note Hide |
PrivBitPageNoteHide |
-38 |
Allows a user to make page notes hide without deleting them. |
Advanced Version Control |
PrivBitVersionControl |
-39 |
Allows a user to switch or revert versions in the Version Log. |
Application Manager View |
PrivBitVAMView |
-40 |
Allows users to view the VAM when the Setup.INI property, HideWAM, is set to TRUE. |
Manage Tag Types | PrivBitManageTagTypes | -41 | Allows use of "Create new type" and "Redefine type" in the Tag Browser. Allows use of "Manage Types" in the Application Configuration dialog. |
Alarm Shelve | PrivBitAlarmShelve | -42 | Enables operators to shelve alarms, leaving them enabled but deactivating all notifications. |
Sites Page Access | PrivBitSitesPageAccess | -43 | Allows a user to open a Sites page. |
Maps Page Access | PrivBitMapPageAccess | -44 | Allows a user to open a map |
Operator Notes Page Access | PrivBitOpNotesPageAccess | -45 | Allows a user to open the Operator Notes page. |
Edit Data | PrivBitEditData | -46 | Edit historical data by creating overrides. |
Remote Data Access | PrivBitRemoteDataAccess | -47 | User may retrieve data via SOAP or REST |
Control Outputs | PrivBitControlOutputs | -48 | Deny output operations for all I/O tags not otherwise protected by a custom privilege. |
Global Tag & Area Filter | PrivButUserFilter | -49 | Filter tag and alarm lists by tag name and by area. |
Recipe Edit | PrivBitRecipeEdit | -50 | Change recipes |
Batch Run | PrivBitBatchRun | -51 | Start recipe batches |
Recipe Page Access | PrivBitRecipePageAccess | -52 | Open the recipe page |
Edit Roster Contacts | PrivBitEditRosterContacts | -53 | Edit contacts in Roster tags. |
Remote Tag Value / History Retrieve | PrivBitRemoteTagHistRetrieve | -54 | Restricts access to the main History table when making remote queries. (Access to defined SQL Views can permitted on a tag-by-tag basis.) |
Services Page Access | PrivBitServicesPageAccess | -55 | User may access the Services page |
Server Change | PrivBitSwitchServers | -56 | User may force a service to change servers |
Lock Add/Remove | PrivBitLockAddRemove | -57 | User can create Control Locks and can remove Control Locks over which the user has "ownership" |
Lock Admin | PrivBitLockAdmin | -58 | User can remove any Control Lock |
Token Request/Release | PrivBitTokenRequestRelease | -59 | |
Token Admin | PrivBitTokenAdmin | -60 | Able to release a control token from any tag. |
Three other constants are defined, which are duplicates of values in the above table. These exist for backward compatibility.
PrivBitRemoveFile == PrivBitEditFiles
PrivBitUpdate == PrivBitDeploy
PrivBitRollback == PrivBitRevert