Securing KPIWorX
KPIWorX can interact with ICONICS security. For more information on creating users and managing security see GENESIS64 Security - Quick Start.
Logging In
Users can log into ICONICS security using the login button in the header or the login widget. For more information about the login widget, see: System Controls.
Seeing Who is Logged In
When a user is logged in, the login button will change from to . Selecting the login button will show some basic information about the logged-in user, and provide the option to log out, log in as a different user, or change the user's password.
Login Dialog Displaying User
The login widget will also display the currently logged-in user. For more information about the login widget, see: System Controls.
Controlling Who Can See and Modify a Saved Dashboard
When saving a dashboard, you can save it with three different kinds of visibility: public, private, and shared. You must be logged in to use the private or shared options. (For more information on saving a dashboard, see: Save and Load Dashboards.)
Note: As of version 10.95, there is no way to separately restrict who can modify a dashboard. If a user can see a dashboard, they can modify or remove it. Separate modification permissions are coming in a later version.
Public Visibility
This is the default option when saving a dashboard. Any user, including users who have not logged in, can view or modify public dashboards.
Private Visibility
Dashboards saved as private will only be visible to the user who saved them.
Shared Visibility
"Shared" or "group" dashboards are shared among an ICONICS security group. Instead of picking public or private, the user can pick a group name. All users who are members of that group will be able to view and modify this dashboard.
Require Login to Save Dashboards
By default, all users can save dashboards, even those who are not logged in. This can be disabled in Workbench through Security > Groups (or Users) and un-checking the box next to KPIWorX > Menu > Save.
Application Actions in Workbench
Controlling Point and Alarm Visibility
All dashboards obey the settings on the Points and Alarms tabs in the ICONICS security server. If configured, users may be required to log in to see data or alarms, write to points, or acknowledge alarms.
Dashboards also obey the Commands secured in the Application Actions section of the security server. Commands may be executed from custom symbols.
Dashboards do not currently respect the Files tab in the security server. To control access to dashboard files, see the previous section.
For more information on how to configure security for points, alarms, application actions, or files, see: <link>.
Securing KPIWorX Favorites
The Favorites section of the KPIWorX tag browser can store two types of favorites, public or private favorites. Public favorites have the potential to be viewed by any user, but private favorites can only be viewed by the user who saved them.
The ICONICS security server has a tab for KPIWorX Favorites. This tab control who can create and view public favorites. The KPIWorX Favorites tab contains two permissions types, see and modify. Granting a user see permission allows them to see the public favorites that match that row. Granting a user modify permission allows them to delete it.
Users must have modify permission for * (all favorites) in order to add new favorites.
Note: Logged-in users can always save private favorites, regardless of the KPIWorX Favorites tab.
When security is disabled, or the default group has been granted modify permission for * (all favorites), favorites saved by users who are not logged in will be saved as public favorites. If security is enabled and the default group has not been granted modify permission for * (all favorites), then users who are not logged in will be unable to save favorites. Favorites saved by these users will not persist after the page is reloaded or another user logs in.
Write Licensing
If your dashboard contains symbols that allow the user to write to tags (process points or pick actions), in addition to ensuring that the logged-in user has the proper permission on the Points tab, the user or group must also have the Write Licensing box checked. This box is checked by default.
See Also: