Password Authorization in GraphWorX64
The GENESIS64™ system implements security authorization that ensures the authenticity and confidentiality of data sources. Security authorization includes password authentication in GraphWorX™64 for writing values, procedure calls, data sets, process points and methods, and includes recipe management authorization.
Authorization starts with Global Settings, where you define all data sources, process points requiring security and identify the Performer and Verifier roles. A person can hold the Performer and Verifier role but cannot fulfill both roles for the same operation. Users and Groups define users and what they can and cannot do. See Security Privileges for additional information.
For example, the Performer can be one or more users who review recipe ingredients for donut-baking operations. Authorization can allow the Performer to access a recipe operation without approval, such as saving or copying a recipe item. In contrast, other recipe items require single authorization to perform an activity in GraphWorX64 during Runtime, such as downloading a recipe. However, when the Performer wants to download a specific recipe to change ingredients or upload a new donut recipe, the person assigned to the Verifier role verifies and authorizes or denies the Performer's request—this is known as double authorization.
Recipe Authorization. Using the above example, the donuts recipe authorization roles defined in the Global Settings Authentication tab show the recipe data items rcp:.Donuts:For Kids* and rcp:.Donuts:Managers Choice* that requires double authentication (Performer requests must be verified and approved by the Verifier), while the copy recipe function does not require authorization. View image
See RecipeWorX™ and Recipe Security for additional information.
Users and Group Authorization. After defining authorizations in Global Settings, individual users or groups of users are assigned the Performer and Verifier role. For example, users assigned to the Performer Group are allowed all operations for Top Seller Donuts recipes except for deleting recipes. View image
Authorization in GraphWorX64. Single or double authentication applies to GraphWorX64 Runtime mode, HTML5 and Mobile applications, and other controls, such as Recipe Navigator and Recipe Grid (on the Controls ribbon). The following are examples that can occur during Runtime:
-
While attempting a write value operation in a Runtime simulation, the single authorization dialog asks you, as the Performer, to enter your User Name and/or Password (based on your login status). View image
The authorization dialog displays the Tag name and the Old and New Values. The Old Value is the known number or identifier in GraphWorX64, and the New Value reflects the current value for the authorization request. If the login or the verification process fails, an error appears at the bottom of the authorization dialog.
To complete the Single Authorization:
- Type the User Name and/or Password (only the password is required if you logged into the system).
- Enter the reason for the request in the Comment text box.
-
Click Verify and then OK.
The server logs the event and verifies credentials and authorizes access. Any errors or unauthorized operations appear at the bottom of the authorization dialog.
-
The user selects Download Recipe in Recipe Navigator Runtime. The double authorization dialog appears because this action requires verifier approval. View image
Authorizations use a time stamp (the date and time) when the operation is requested. The time stamp informs the Performer and Verifier of the elapsed time since the original authorization request or verification. The Performer and Verifier can decide not to authorize the request because too much time has expired.
To request authorization:
- The user (Performer) is required to Request Verification from an authorized person.
- Performer enters User Name and/or Password (only password if logged into the system).
- Enters reason for the request in the Comment text box.
- Clicks Verify and then OK.
- The authorized person (Verifier) reviews the request or enters comments.
- The Verifier either clicks Cancel to deny the request or clicks Verify to approve the Performer’s request.
- The Verifier clicks OK. The server logs the event and processes the response to the request.