Built-In Roles

The built-in roles are provided as examples to help you begin security configuration. It is expected that you will modify these and create your own roles.

Logged Off - The privileges available at a workstation when no user is signed in.

No privileges

A VTScada application continues to run whether an operator is signed in or not. Anyone can view any user-created page that is not protected by a custom privilege. All such control actions are logged and attributed to a role named "Logged-Off". This is a role that is built into and standard with every VTScada application.

Use care in granting privileges to the Logged Off account. If you wish to allow certain access to the application for all, then it is better to create a public user account with a carefully restricted set of privileges and publish that user name and password than to grant those privileges to the Logged Off user account.

Thin clients and the Logged Off role:
Many sites will enable signed-out VIC sessions, essentially allowing the Logged Off role to become "signed in" after any other user has signed out. This maintains the connection, which would otherwise close. This applies only to VIC clients, not Anywhere clients.
Look for the option in the Advanced section of the security Administrative Settings (Options) dialog.

Operator - Permits basic operation of a VTScada application.

  • Alarm Mute
  • Alarm Silence
  • Alarm Page Access
  • Reports Page Access
  • History Page Access
  • Page Note Edit
  • Sites Page Access
  • Maps Page Access
  • Operator Notes Page Access
  • Control Outputs
  • Run Batch
  • Recipe Page Access
  • Services Page Access
  • Alarm Acknowledge

Configurer - Permits development of a VTScada application

  • Includes the Operator role, plus:
  • Account View
  • Tag Parameter View
  • Edit Files
  • Deploy Changes
  • Revert Changes
  • Page Add
  • Page Modify
  • Page Delete
  • Tag Add/Copy
  • Tag Modify
  • Tag Delete
  • Group Modify
  • Group Save
  • Group Delete
  • Pen Modify
  • Note Add
  • Thin Client Monitor Access
  • Page Note Hide
  • Advanced Version Control
  • Alarm Shelve
  • Alarm Disable
  • Recipe Edit
  • Edit Roster Contacts
  • Switch Servers
  • Manual Data
  • Questionable
  • Application Stop
  • Configure

SuperUser - Configuration and security management

Includes the Configurer role (and therefore, the Operator role), plus:

  • Account Modify
  • Manager
  • Thin Client Monitor Admin
  • Administrator
  • Application Manager View
  • Edit Data
  • Global Tag & Area Filter

Privileges not granted to any built-in role:

  • Thin Client Access
  • Remote Data Access
  • Remote Tag Value / History Retrieve
  • Manage Tag Types
  • Lock Add/Remove
  • Lock Administrator
  • User-created custom privileges