FT Security - Editing Multiple Applications
Relevant Products
- FactoryTalk View Machine Edition 5.0
- RSView Machine Edition 4.0
The runtime security user list and settings are contained within each application
itself. However, the runtime user list actually references the users and groups
within the FactoryTalk directory. There can only be one active FactoryTalk
directory on a computer (development or runtime).
Issues occur when multiple applications exist on the same computer, and each
application has a different set of users (e.g., for different end customers).
_________________________________________________________________________________________________
White Paper – Managing FactoryTalk™ Security for Multiple FactoryTalk™ View Studio Applications
________________________________________________________________________
Introduction
In order to understand the obstacles with multiple applications on the
same computer, one must first understand how the FactoryTalk directory works
with the applications. This section describes the connection between the
FactoryTalk View application and the FactoryTalk directory.
1 - Application Backup
The FactoryTalk directory contains a list of users/groups. This is where the users
and groups are created, modified or deleted.
The FactoryTalk View application does not actually contain users or groups. It
simply contains a list of references to the FactoryTalk directory users/groups.
The FactoryTalk View application also holds the runtime security rights for the
referenced users/groups.
3 – Application Restore
When you perform an application restore, the Application Manager provides you
with the option to restore the FactoryTalk directory from the APA file.
If you choose to restore the FactoryTalk directory, this will overwrite the currently
loaded directory on the local computer.
Recommended Procedures
This section will show you one methodology to avoid the issues listed in this
document. The recommended procedure shown here does not implement
development security beyond the installed defaults (i.e., no additional deny/permit
permissions are configured).
3. Click “Next”
This will allow any user to have full access to the FactoryTalk Security
setup. If you wish to limit the access of users, do this after you have completed
the install. It is highly recommended that you thoroughly read and understand the
security settings before making any changes.
It is recommended that you create a second account and add this new user to the
Administrators group of the Local FactoryTalk Directory. This will act as a backup
account, in the event the “Administrator” account is locked out or the password is
lost.
(4) Use Windows Explorer to save a copy of the “Default.bak” file to another
location off the local computer (e.g., CD, network PC, USB memory stick,
etc.).
You will restore and use this default FactoryTalk Directory file each time you
create a new application. This will ensure that a known Administrator account
exists and that you start with a clean directory (no other users have been
added).
(2) Open the FactoryTalk Administration Console, for the Local directory.
(3) Right-click on the Local text in the explorer window, and select Restore.
(4) Select the Default.bak you created just after using the FTD Configuration
Wizard.
(5) Press Next and Finish to complete the restore operation.
(6) Run FactoryTalk View Studio and configure the FactoryTalk security users
as needed. Do not change settings for the user “Administrator” or change
the access for the Administrators group.
(2) Use the Application Manager to restore the desired new application to
edit. Be sure to select “Restore... application and FactoryTalk Local
Directory”.
(1) Use the Application Manager to back up the application on computer ‘A’.
(2) Copy the application backup file *.APA from computer ‘A’ onto computer
‘B’.
(3) On computer ‘B’, follow the procedure in the above section “To switch
between applications for development”.
FactoryTalk View Machine Edition User Accounts with incorrect FactoryTalk directory
Scenario:
1) Backup created for an application when incorrect FactoryTalk Directory
was loaded.
2) Created runtime application when incorrect FactoryTalk Directory was
loaded (ME only)
3) Added/configured users to application with incorrect FactoryTalk
Directory loaded
4) Modified an application when the incorrect FactoryTalk Directory was
loaded.
Result:
1) a) Cannot identify the required administrator access to edit the FTD
after a restore
b) Cannot identify the required runtime users list, as all are GUIDs
2) Will have access to common user accounts, however access is not
possible with unique user accounts
3) User accounts are mismatched over multiple FTDs. Runtime access
will be limited.
4) Creating a backup of the application will result in a mismatched FTD
and application. A future restore will lead to issues 1-3.
Solution:
1) Restore a System Folder with known administrator access. Recreate
users in the FTD and application.
2) Restore the correct System Folder for the application. Recreate
runtime application.
3) Restore the correct System Folder for the application. Delete invalid
user accounts and recreate replacement accounts in FTD and
application.
4) Back up the application as is, to a temporary file name. Restore an
older and valid backup of the application along with its local FTD.
Finally, restore the newly saved temp backup, but do not restore its
FTD.
Scenario:
1) After restoring an application or System Folder, the
username/password cannot be located for administrator access
Result:
1) Cannot edit applications or the current FTD. Not possible to revert out
of this scenario to a known FTD backup.
Solution:
1) Restore default FTD security (call Technical Support for this). Recreate
users in the FTD and the restored application.
Scenario:
1) A backup of the Application or System Folder was not done before a
restore operation.
Result:
1) Runtime user accounts are lost for the original application. Not
possible to restore the configured user accounts. The FactoryTalk
View users are displayed in hexadecimal.
Solution:
1) Recreate users in the FTD and application
Result:
1) a) The correct username and password are known for the account,
but it is not possible to login to the FactoryTalk Administration
Console because of the lockout.
b) The correct username or password is not known for an
administrator account.
Solution:
1) a) Run the FactoryTalk Configuration Wizard for the Local directory.
Use a known administrator username and password (even if it is
locked out).
b) Restore default FTD security (you will need to call Technical
Support for this). Recreate users in the FTD and the restored
application.