TAC Vista Technical Manual - User'S Guide For System
High Security Systems, Technical Manual
3 User's Guide for System Configuration
TAC AB, Nov 2006
13 (20)
04-00007-01-en
3
User's Guide for System
Configuration
This is a guide for configuring the Windows and TAC Vista systems in
order to fulfil the requirements of Data integrity of the TAC Vista data-
base.
Create the Users
•
Create a domain in the domain controller. In our example we call it
"PlantTAC". Create the following groups in the domain:
"PlantTAC\VistaAdministrators"
"PlantTAC\VistaOperationManagers"
"PlantTAC\VistaFieldManagers"
"PlantTAC\VistaUsers"
Users belonging to the "PlantTAC\VistaAdministrators" group admin-
ister the security of the TAC Vista database. At least one user must be
created and belong to this group. It is assumed that one of these users is
called "PlantTAC\VistaAdmin".
Users belonging to the "PlantTAC\VistaOperationManagers" group are
supposed to have 'Change authority' for some parts of the TAC Vista
database. They can change all programming and behavior of objects,
create and delete objects and so on. They can also block and acknowl-
edge alarms.
Users belonging to the "PlantTAC\VistaFieldManagers" group should
have 'Write authority" for some objects in the TAC Vista database.
They can change the writeable value property of these objects, typically
"setpoint" values. They can also acknowledge all or some of the alarms.
Users belonging to the "PlantTAC\VistaUsers" group only have 'Read
authority' to the database. They have a general "view" authority, but
cannot change anything or acknowledge alarms.
It is assumed that there is one "PlantTAC\Vista" user that belongs to the
three groups above.
The group "PlantTAC\Domain Users" is predefined and contains all the
users in the "PlantTAC" domain.
The "PlantTAC\Domain Admins" group is predefined and contains all
administrators of the domain. Note that the users in "Plant-
TAC\VistaAdministrators" do not have to be "Domain Admins".