User management

User privileges can be assigned to users and to workstations, allowing users to be granted the same access from everywhere or different access depending on where they are logged on. The user interface displays only those elements (such as menus, buttons, list items and tree nodes) for which the user has at least read access.

Access privileges can be assigned to resources/groups, such as workstations, features, applications, system objects, system object properties and logical groups of these resources.

User authorization

User access rights in Desigo CC are determined by four main factors:

  • The system must know the user (authentication).
  • The user must be assigned to a user group.
  • The user must have the appropriate application rights.
  • The user must have the appropriate scope rights.

If all of these conditions are met, the user can log on to Desigo CC, and read/write objects and perform tasks, depending on the assigned rights.

See Desigo CC Engineering Manual (A6V10415473).

Scopes

Scope is the general term for specific object access in Desigo CC. A scope segments and implements certain rules for the user role in the project. A user sees only the area of the building assigned to them, e.g., pumps, receives alarms only from this area in the event of an emergency, and can acknowledge only those alarms. If an emergency occurs in an area that is not in the scope of this user, e.g., ventilators, the user does not receive an alarm about this event.

Communication security

In general, communication channels are not encrypted, for performance reasons. Exceptions are communication channels for file transfer using web and video transfer. Sensitive data (passwords during authentication or user management configuration) is transferred as encrypted message content.

Wireless input devices (especially keyboards) use radio transmission that is often not cryptographically protected, or only inadequately so. Even from greater distances, it is possible to listen in or even inject external data into the system.

We recommend that you do not use wireless input devices. If you must use wireless input devices, use only devices with proven encryption.

Communication ports and protocols

Which ports are used depends on the actual deployment and subsystem integration of the whole system.

See Desigo CC System Description (A6V10415500).