Realm Area Filtering Example 1

The Acme Meaty Pastas Company has a large food processing plant that is run using a VTS application. This application is large enough that two developers are employed.

Onsite, there is one stationary workstation named, MasterControlStation. The system managers wish this workstation to be a VTS Internet Server that will run the application, allowing employees access to the application using Microsoft Internet Explorer with a VIC connection on laptop PCs when they are onsite and when they are away from the plant to ensure smooth, round-the-clock monitoring and control of the system.

The plant has two sections:  a pasta division, and a meat sauce division and its tags have been assigned either to a "Pasta" or a "Meat" area. One developer works for the pasta division and should never use tags from the meat division, and vice versa. The system managers have therefore requested that you create a group for each of these users and restrict them from viewing the other group's tags while developing their respective parts of the application.

The managers would also like to have a group that enables them to logon and monitor both the pasta and meat divisions.

VTS/IS Configuration

A VTS/IS (VTS Internet Server) is a PC with VTS installed and for which a VTS/IS license has been purchased. A VTS/IS enables VICs to access its running VTS applications over the World Wide Web using the Microsoft Internet Explorer web browser.

In this example, the VTS/IS is to be the onsite workstation named, "MasterControlStation".

To establish MasterControlStation as the VTS/IS, the following steps would be required:

 

1.  Select the VAM's Internet Setup button on MasterControlStation. The VTS Internet Client/Server Setup dialog will open similar to the one shown below.

2.  Click the Server Setup tab.

3.  Click the Add button to open the Add Server dialog.

4.  Enter MasterControlStation in the Server field.

5.  Click the Local checkbox.

6.  Click the OK button. You will be returned to the Server Setup tab where the VTS/IS will be referenced.

7.  Click the OK button.

Once you have set up the VTS/IS, you may configure a realm.

Realm Configuration

A realm is a set of one or more VTS applications that run on a VTS Internet Server (VTS/IS). VIC users may access one or more applications contained within a realm over the World Wide Web using Microsoft Internet Explorer, provided that they are able to provide credentials (i.e. a valid username and password) when requested by the VTS/IS.

In this example, three realms are required: a Pasta realm, a Meat realm, and an All realm (for managers).

To create each realm, the following steps are required:

1.  Select the VAM's Internet Setup button on the VTS/IS (MasterControlStation).

The VTS Internet Client/Server Setup dialog will open similar to the one shown below.

2.  Select the Add button in the Authorization Realms section of the VTS Internet Client dialog. The Add Realm dialog will open.

3.  Enter a name for this realm in the Name field (e.g. Pasta).

4.  Click the OK button.

The Add Realm dialog will close, and you are returned to the VTS Internet Client/Server Setup dialog where the name of the new realm will be displayed in the Realm drop-down list.

5.  Click the second Add button. The Add Application dialog will be displayed.

6.  Select the name of the application that you wish to belong to this realm, and to which you wish remote users to have access over the World Wide Web.

7.  Click the OK button.

The Add Application dialog will close, and the selected application will be displayed in the realm's list of applications. (If you wished, you could add as many applications as you wish to this realm by repeating steps 5 through 7). An example of a completed Realms tab is shown below.

8.  Repeat steps 2-7 to add a Meat realm and an All realm.

9.  Click the OK button. The VTS Internet Client dialog will close.

SecurityManager.ini Configuration

To configure your application's SecurityManager.ini file for group logins, the following steps would be required.

1.  Open your application's SecurityManager.ini file on the VTS/IS.

2.  Locate the GroupLogin variable under the [SecurityManager-Admin] section.

3.  Set a value of 1 for GroupLogin.

4.  Locate the NameSpaceDelimiter variable under the [SecurityManager-Admin] section.

5.  Set a value of :: for NameSpaceDelimiter.

[SECURITYMANAGER-Admin]

GroupLogin = 1 

NameSpaceDelimiter = : 

6.  Save and close the SecurityManager.ini file.

Config.ini Configuration

To configure your application's Config.ini file for realm area filtering, the following steps would be required.

1.  Open your application's Config.ini file on the VTS/IS.

2.  Enter the following at the end of the Config.ini file:

[*-REALMAREAS]

Area = *

[Pasta-REALMAREAS]

Area = Pasta

[Meat-REALMAREAS]

Area = Meat

[All-REALMAREAS]

Area = Pasta

Area = Meat

3.  Save and close the Config.ini file.

Group User Security Accounts

The last step in configuring this system would be to create group user security accounts for the operators and managers who will be using the system.

1.  Logon to the application with an existing user account that does not belong to any group and that has at least the Manager privilege (e.g. the Manager1 account).

2.  Click the Logon button (which is now labeled with the username of the account that is currently logged on). The options dialog will open.

3.  Click the Users button. The Accounts dialog will open.

4.  Click the Add button. The Add Account dialog will open.

5.  Enter the group to which this user should belong, followed by the NameSpaceDelimiter, followed by the username in the Username field (e.g. Pasta:JSmith).

6.  Enter a password for this user in the New Password field.

7.  Enter the password in the Confirm Password field.

8.  Select the privileges you wish this user to have. (You must grant at least the Internet Client Access privilege to allow the user VIC access.)

9.  Click the OK button. You will be returned to the Accounts dialog where the new user account will be referenced.

10. Repeat steps 4 through 9 to create as many user accounts as you require for this application for the Pasta, Meat, and All groups.

Page Access

While realm area filtering can prevent users from accessing tags belonging to certain areas through the application configuration tools, any tags that have been assigned to restricted areas and have been drawn on a page will still be viewable by restricted users. It is therefore recommended that you use custom security privileges to restrict access to the pages that you do not wish these users to view. To do so, you would follow the steps below.

1.  Logon to the application with an account that has full privileges and is not restricted to any group.

2.  Click the Logon button that is labeled with the username of the account you have used to logon. The Options dialog will open.

3.  Click the Options button. The Administrative Settings dialog will open.

4.  Click the Add button at the bottom of the Administrative Settings dialog to add a new custom application privilege. The Add Privilege dialog will open.

5.  Enter the name of the new application privilege in the Name of New Privilege field (e.g. Pasta).

6.  Press the Enter key on your keyboard to activate the OK button.

7.  Click the OK button to close the Add Privilege dialog and to add the new application privilege to the system.

8.  Click the OK button to close the Administrative Settings dialog.

9.  Click the Configure button to open the Configuration Toolbox.

10. Click the Libraries button. The Configure dialog will open.

11. Right-click the page with which you wish to associate the new privilege.

12. Select that properties tab from that page’s properties menu.

13. Select the new application privilege you just added from the Page Security Bit drop-down list.

14. Click the OK button to close the Page Properties dialog.

15. Close the Libraries dialog.

16. Close the Configuration Toolbox.