Relevant only on workstations whereReadOnlyStation is set. Does not apply otherwise. A full discussion is provided in the topic, Read-Only Workstation.
This is a bitwise value that controls which system privileges are enabled at a read-only workstation. Operators signed in at that workstation must also possess each enabled privilege. This mask does not grant privileges to those who do not otherwise possess them. See also: StationMaskApp
The default system privilege mask for a read-only workstation does not grant the configuration privilege or the edit files privilege. If you configure the workstation you are using to be read-only, you will have no means to do further configuration at that workstation, or even to reverse that change. Your only recourse will be to move to another workstation on your system and use the Version Control system to reverse the change.
*******************************************************
*** DEFINING A WORKSTATION TO BE READ-ONLY ***
*** IS BEST DONE FROM ANOTHER WORKSTATION. ***
*******************************************************
(A remote connection using a VIC or Anywhere client does not count as working at another workstation. Do not proceed unless your application has a Client / Server Configuration)
While there is a default value for this property, it will not be visible in your Application Configuration dialog.
The default is copied below for your convenience and can be used as a starting point when defining your own StationMaskSys. A comment is provided above the value to help you count the bits from right to left.
Section: <SecurityManager-Admin> ; 40 30 20 10 ; 98765432109876543210987654321098765432109876543210
StationMaskSys = 10100110000100001010000000100000000000101000000100
The default value permits only the following privileges. The signed on operator must also posses these privileges, because setting a privilege in the station mask does not grant that privilege to any operator who has not already been granted it.
(The following refers to the default value, as shown in the example.)
2 - Account Modify
9 - Application Stop
11 - Tag Parameter View
23 - Thin Client Access
31 - Alarm Page Access
33 - History Page Access
38 - Page Note Hide
43 - Sites Page Access
44 - Maps Page Access
49 - Global Tag & Area Filter
|
Bit Number |
System Privilege |
|---|---|
|
0 |
Configure |
|
1 |
Account View |
|
2 |
Account Modify |
|
3 |
Accounts Manager |
|
4 |
Security Administrator |
|
5 |
Alarm Disable |
|
6 |
Manual Data |
|
7 |
Questionable |
|
8 |
Alarm Acknowledge |
|
9 |
Application Stop |
|
11 |
Tag Parameter View |
|
14 |
Edit Files |
|
15 |
Deploy Changes |
|
16 |
Revert Changes |
|
17 |
Page Add |
|
18 |
Page Modify |
|
19 |
Page Delete |
|
20 |
Tag Add/Copy |
|
21 |
Tag Modify |
|
22 |
Tag Delete |
|
23 |
Thin Client Access |
|
24 |
Alarm Mute |
|
25 |
Alarm Silence |
|
26 |
Group Modify |
|
27 |
Group Save |
|
28 |
Group Delete |
|
29 |
Pen Modify |
|
30 |
Note Add |
|
31 |
Alarm Page Access |
|
32 |
Reports Page Access |
|
33 |
History Page Access |
|
34 |
Deprecated |
|
35 |
Thin Client Monitor Access |
|
36 |
Thin Client Monitor Admin |
|
37 |
Page Note Edit |
|
38 |
Page Note Hide |
|
39 |
Advanced Version Control |
|
40 |
Application Manager View |
| 41 | Manage Tag Types |
| 42 | Alarm Shelve |
| 43 | Sites Page Access |
| 44 | Maps Page Access |
| 45 | Operator Notes Page Access |
| 46 | Edit Data |
| 47 | Remote Data Access |
| 48 | Control Outputs |
| 49 | Global Tag & Area Filter |
| 50 | Change recipes |
| 51 | Start recipe batches |
| 52 | Open the recipe page |
| 53 | Edit contacts in Roster tags. |
| 54 | Restricts access to the main History table when making remote queries. (Access to defined SQL Views can permitted on a tag-by-tag basis.) |
| 55 | User may access the Services page |
| 56 | User may force a service to change servers |
| 57 | User can create Control Locks and can remove Control Locks over which the user has "ownership" |
| 58 | User can remove any Control Lock |
| 59 | |
| 60 | Able to release a control token from any tag. |
