VTS features an integrated Security Manager that supplies all of the routines necessary to implement varying levels of security for each VTS application you develop.
The Security Manager provides the following functions:
• Client/server-based storage of account information.
• Logon/logoff facilities for users at any workstation.
• Convenient dialogs to enable fast development of multiple user accounts.
• Personal account examination and modification by authorized users.
• Examination and modification of all accounts by account managers.
• Security checks for access to Security Manager dialogs and VTS components.
• Logging of all user activity.
The Security Manager is an access regulator, acting as a gateway between users and their applications. Users interact with the Security Manager using a series of dialogs. Each account has four properties:
• Username – a letter/number/symbol combination by which the user is identified;
• Password – a letter/number/symbol combination known only to the user;
• Privileges – a list of access rights for the user; and
• Alternative access code for interface to swipe magnetic cards.
Account passwords are assigned when an account is first created. The password is stored in an encrypted format in the account list, and cannot be viewed onscreen, even by someone with the privileges that are required to modify that password.
Account privileges can be assigned when an account is first created, but can be modified later if the responsibilities of the user should change. These privileges directly determine which VTS components and internal dialogs the user is permitted to access. Thus, certain elements of the system (boiler feed water control, for example) can be accessible only to those possessing the correct security privilege for that component. The system designer can designate up to 65,520 custom-named privilege areas. Script code can test for a particular privilege prior to allowing access to any component of the application.
Entering new users into the security system is simplified by the ability to copy the privileges assigned an existing user and use them as a template for a new user's account. Creating template user accounts with titles such as "operator", "supervisor", and "engineer" makes it easy to quickly create new accounts for different categories of users. The privileges for each individual user's account that has been based on these templates can easily be personalized according to the needs of the user. Note however, that later changes to the template accounts will not affect the privileges of accounts copied from them.
The security system generates an "event" when a user logs on to notify the rest of the system that a logon has taken place. Other components of the system can monitor the Security Manager's logon event and automatically spawn tasks whenever a logon occurs (such as a program to provide the operator with the latest operating "news"). Other optional features include an audit trail of all logon attempts (including the time, date, and username), and automatic log off after a specified period of inactivity. The Security Manager can even be extended to allow users to log on using magnetic cards.