You are on page 1of 19

Security Policy

CS1000/3000 Fundamental Course Textbook PART-H Security Policy

H-1. Security Overview H-2. HIS Security H-3. User Security H-4. User Group H-5. Window Authorities H-6. Mode Selection Key H-7. Function Block Security H-8. Operation Mark




TE33Q4T30-01E 2 YOKOGAWA . acknowledgment of received messages and alarms or calling up windows. • Monitoring Displaying function block data. changing function block status and other operations. “operation and monitoring” is defined as follows: • Operation Setting data to function blocks. In the CS 1000/CS 3000 security policy.Security Overview (1) The security policy is set to prevent illegal operations and other problems and ensuring the safety of the system. and masks certain alarms of which the operator need not be notified. The security policy restricts the scope of operation and monitoring permitted for an operator.

Regardless of the logon users. The user of CENTUM is different from the user of Windows. the operation performed to a device or to a function block data item may be restricted. TE33Q4T30-01E 3 YOKOGAWA . Each user is restricted to operate or monitor a certain scope of devices and function block data items. • HIS Security Policy HIS security policy stipulates the scope of operation and monitoring allowed on the Human Interface Station. General-purpose Windows applications follow the security policy of Windows. • User Security Policy User security policy stipulates the scope of operation and monitoring for the users.Security Overview (2) The following two types of policies are available in CS 1000/CS 3000. The scope of operation and monitoring permitted for an operator is determined by a combination of HIS security and user security settings.

Flow of Security Check HIS operation Security check HIS security check Scope of operation and monitoring check for the HIS User security check Scope of operation and monitoring check for a user group Privilege levels of operation and monitoring check for a user Operation • Window operation and monitoring • Function block operation and monitoring Operation record Operation History TE33Q4T30-01E 4 YOKOGAWA .

The security level setting means to select either monitoring only machine or monitoring and operation machine (default). The HIS security check has a precedence over the user security check. TE33Q4T30-01E 5 YOKOGAWA .HIS Security The security level regarding operation and monitoring as well as the operation and monitoring scope can be set for the HIS itself. The operation and monitoring scope of the HIS is unrelated with the operation and monitoring scope set for each user group.

The operation record can be confirmed by the historical message report. TE33Q4T30-01E 6 YOKOGAWA .User Security The operators performing the operation and monitoring functions are classified based on their privilege level (authority). This classification is called user. The following attributes are assigned to each user: User name: Password: User group: Privilege level: User recognition User identification Monitoring and operation scope Monitoring and operation authority The operations performed by the user are held as the operation record.

*1 Maintenance means the engineering work such as initiation of the builder. The following default privilege levels are available (security level 4). operation and monitoring rights can be defined.User Privilege Levels The users’ operation and monitoring rights on HIS are defined according to privilege levels. For each window. See Supplement X. Whether the user with a certain privilege level is permitted to operate the specified data item can also be defined. Function Block Security. TE33Q4T30-01E 7 YOKOGAWA .

the operation and monitoring will be disabled. The privilege level of the user who accesses from the User-in Dialog becomes valid when the mode selection key position of the operation keyboard is OFF. *1: When the user group for OFFUSER is changed to NONEGRP and the HIS is started. the password is user definable.Default User Names The HIS offers the following default user names. *2: User cannot user-in as PROG. TE33Q4T30-01E 8 YOKOGAWA . The user group can be changed for any user. Password is not required for OFFUSER but required for ONUSER and ENGUSER.

switching the OFFUSER to a different user is called user-in. the user automatically changes to the OFFUSER when the automatic user-out time elapsed.Switching Users In the HIS. TE33Q4T30-01E 9 YOKOGAWA . To perform user-in or user-out. User–in at HIS startup OFFUSER USER A USER B User-in operation User-out operation Change password button When an automatic user out-time is defined. call up the User-In dialog box from the System Message window and enter a user name and the password. and the user switching back to the OFFUSER is called user-out.

set by the station name and the control drawing.User Group The users are classified into groups based on their operation and monitoring scopes. This classification is called user group. If the plant name is not used. TE33Q4T30-01E 10 YOKOGAWA . The following attributes are assigned to each user group: • User group name: • Monitoring scope: • Operation and monitoring scope: • Windows scope: • Acknowledgement: • Process message receiving: User group recognition Monitoring range Operation and monitoring range Window names for operation and monitoring Acknowledgment range Monitoring range of the generated messages The range is set by the plant name.

Default User Group The following built-in default user groups are managed by CS 1000/CS 3000 security policy. The user group name may be defined on the Security Builder. TE33Q4T30-01E 11 YOKOGAWA .

OPS*-A in Group-AB using HIS0124 and their privileges.Concepts of Scope and Privilege Operation & monitoring scope of HIS0124. Whole Plant Equipment A Equipment B Equipment C Equipment D Users in Group-AB: OPS1-A: Monitoring OPS2-A: Operation and monitoring OPS3-A: Operation. monitoring and maintenance Equipment E Operation & monitoring scope of users. Operation & monitoring scope of user Group-AB. TE33Q4T30-01E 12 YOKOGAWA .

• Users of privilege level S2 can operate and monitor general and important windows. they can only monitor important windows and system operation windows excluding System View. indicating which user can perform operation and monitoring using which types of windows: • Users of privilege level S1 or S2 cannot start System View from the system message window. but can start and operate System View from [Start Menu]. • Users of privilege level S1 can operate and monitor general windows. they can only monitor system operation windows excluding System View. However. • Users of privilege level S3 can operate and monitor all windows. However.Window Authorities The table below shows operation and monitoring authorities on windows. TE33Q4T30-01E 13 YOKOGAWA .

The attributes can be defined to each function block in engineering. The tables below show the relationship of the function block’s data items and the privilege levels in operation and monitoring rights. tag mark types and alarm processing levels. There is no restriction on the combination of security levels. tag mark types and alarm processing levels. R: Monitoring W: Operation The tables on operation and monitoring authority are fixed and cannot be edited.Function Block Security The attributes of function blocks contain security levels. TE33Q4T30-01E 14 YOKOGAWA .

Function Block Security The operation and monitoring authorities for three different function security levels are shown below: Level 2 Level 4 (Default) Level 6 TE33Q4T30-01E 15 YOKOGAWA .

TE33Q4T30-01E The key can be switched to any position. The following two mode selection keys are used to switch the security level: • Operation key (Privilege level S2) The key can be switched between the ON and OFF positions only. 16 YOKOGAWA . The privilege level changed on the keyboard has higher priority than the level set in the user-in dialog box. Changes between the ON.Mode Selection Key When the HIS is connected with an operation keyboard. the privilege level of the user may be changed temporarily using the mode selection key on the keyboard. In the case of the operation key When the engineering key is selected. • Engineering key (Privilege level S3) The key can be switched to any position. OFF positions.

operation authorities return to the original setting. TE33Q4T30-01E 17 INHIBIT YOKOGAWA . Operation marks have the following attributes: • Operation mark type • Color • Comment label • Attachment/removal attribute Color and comment label may be defined with HIS Setup function. When the operation mark is removed. If the builder file is downloaded.Operation Mark To attach or remove an operation mark on a function block may temporarily enable or disable the operation restriction on the instrument faceplate. that file replaces the current file. When an operation mark is attached to a function block. a comment label can be added to the function block or the operation authorities on the function block can be changed temporarily during plant operation.

TE33Q4T30-01E 18 YOKOGAWA . Not used in default.Types of Operation Marks The security levels exerted by operation marks and the types of operation marks are displayed as follows.

The setting of installing/removing is performed in Operation Mark Builder. The relationship between user’s privilege level and the operation rights on installing/removing mark authority is shown below: TE33Q4T30-01E 19 YOKOGAWA .Install or Remove Operation Mark The unauthorized user is prohibited to install / remove the operation mark.