Technical Bulletin
Issue Date March 31, 2003
© 2003 Johnson Controls, Inc. www.johnsoncontrols.com
Code No. LIT-1201528
Software Release 1.0

Security Administrator System


Security Administrator System
  Introduction
  Key Concepts
    Security Overview
    Authentication Overview
    Authorization Overview
    Privileges Overview
    Object Category Creation
    Object Category Based Privileges Assignment Example
    Object Category-Based Privileges
    System Access Privileges
    System Configuration Tool (SCT) Security Scenarios
    Security Menu Options
    Security Toolbar
    Pop-up Menu
    User Properties
    Role Properties
    System Access Permissions
  Detailed Procedures
    Creating a New User Account
    Creating a New Role
    Configuring User Profiles
    Assigning Navigation Views
    Copying a User
    Deleting a User
    Renaming a User
    Configuring Role Properties
    Unlocking a User Account
    Assigning System Access Permissions

Security Administrator System

Introduction

The Security System authenticates and authorizes users of Metasys® system applications. The Security Administrator is a browser-based interface that manages all accounts.

This document describes how to:

• create a new user account

• create a new role

• configure user properties

• assign navigation views

• copy a user

• delete a user

• rename a user

• configure role properties

• unlock a user account

• assign system access permissions

Key Concepts

Security Overview

Use the Security Administrator System to authenticate and authorize users on the Metasys system. The Security Administrator allows the operator to create User Accounts and Roles, and to assign access permission to each.

User accounts are assigned to users of the Metasys system. The Audit Log of the Site Director allows users to log specific tasks (audits) using the Audit Trail. The Security System generates audits for successful and failed login attempts and all administrative tasks.

Authentication Overview

Security is based on User Accounts and Roles. Roles are groups of users with a specific function within the Metasys system. To access the system, an individual provides a user account and the correct password. Use letters, numbers, or symbols to create user account passwords.

Use the Login button from the login prompt to send the user’s credentials. The User Database validates the user’s information.

A unique Session is generated when the user’s credentials match the login requirements. The Session allows access to the system for a configurable period. When the credentials do not match, a dialog box appears indicating that the credentials are incorrect (Figure 1). The security subsystem generates an Audit Trail and tracks all login attempts. For more information, refer to the Audit Trail online help section.

Figure 1: Log In Error Message

Authorization Overview

Authorization provides users with the appropriate permissions and privileges for the Building Automation System (BAS). Use the Security Administrator User Interface (UI) to create User accounts and grant privileges to system functionality through Roles or direct User assignment.

Privileges Overview

Privileges allow users to perform tasks within the Metasys system. Administrators set up Privileges to determine which actions each user is authorized to perform. A privilege is a group of related user actions (for example, the Intervene privilege includes actions such as disable, enable, release, and reset).

Privileges are divided into two types: Category-Based and System-Based. Category-Based privileges only apply to the categories of the Metasys system items or objects (for example, General, Security, and Lighting) for which the user is explicitly authorized. System Access Permissions apply to the Metasys system as a whole and include actions such as discard events and manage audit history.

Any privileges that can be assigned to a role can also be assigned to a user. Think of a role as a template of privileges that, once created, you can apply to multiple users. When you assign users to a role, they are granted the privileges associated with that role. This allows for easier and more centralized administration of users through the administration of roles.

Object Category Creation

During the generation of the All Items view, you can assign a single category to each object on the All Items navigation tree, except the Site. Use the pull-down menu to select a category to assign to the specific object. Figure 2 shows the selection process for assigning object categories.

Figure 2: Assigning Object Categories

Figure 3 shows the object categories as they appear in the Security Administrator System and how the Category-Based privileges are assigned to each object category. Refer to Table 1 for a detailed description of the Object Category-Based privileges.

Figure 3: Object Categories

Object Category-Based Privileges Assignment Example

Figure 4 shows the assignment of a user’s account to a role. Based on the setup of the role, the user has been granted permission privileges over a certain category of objects.

[Figure 4 diagram labels: Role, Category, Permission; A. Smith (User Account) assigned to the role; HVAC: Operate, Manage Energy; FIRE: Intervene; with access to HVAC Objects and Fire Objects]

Figure 4: Access Control Assignment Example

Per the example, an Administrator created the Night Guard role and granted it Operate and Manage Energy privileges over the object categories Heating, Ventilating, and Air-Conditioning (HVAC). The role was also granted the Intervene privilege over the Fire category. Assigning user A. Smith to the Night Guard role gives him all access permissions defined by the particular role. Therefore, A. Smith has access to all HVAC objects (items) in the All Items Tree using the actions defined by the privileges Operate and Manage Energy as well as the Intervene privilege with Fire objects.

Object Category-Based Privileges

Category-Based Privileges are applied to specific categories of Metasys system objects. When users are assigned a Category-Based Privilege, they are able to perform the actions associated with that privilege only on specific categories of objects for which that privilege is granted. The Security System has a predefined set of categories available (for example, HVAC or Fire).

To limit what the User can see, users have access to User Navigation Trees. User Navigation Trees are considered Objects and are assigned to Categories. By assigning a user View access to a Category, that user can see/traverse all trees assigned to that Category in the Navigation Frame (all folders and Item references of the tree are visible). However, if the user is not assigned View access to a particular Category of Items, the user is not able to see the details of those Items in the View Panel. This limits user access to items (objects, trends, and schedules) within the navigation tree.

Table 1 describes all the predefined Object Category-Based Privileges.

Table 1: Object Category-Based Privileges

Permission | Permission Privileges
No Access | Designates that the user has No Access to the Items in the specified Category.
View | View Event, Snooze Event, Focus View in Panel, View Item Value, View Item on Graphic, View Item in Report, Summary View in Panel, View User Navigation Trees, View all Extension in Panel, Hyperlink from Graphic, Attribute Command, Audit Trail
Advanced View | When not authorized, Advanced View in the Focus Panel appears dimmed. If users have edit privileges, they are able to edit the advanced attributes.
Operate | Adjust, State0 and State1 (Binary Value [BV], Binary Output [BO]), Comments based on States Text (Multistate Value [MV], Multistate Output [MO]), Setpoint, Route (trend), Execute (Trend), Recommend (interlock)
Intervene | Release, Release All, Override, Override Release, Enable, Disable, Out-of-Service, In Service, Preset Counter, Reset (Pulse Meter, Analog Object), Reset Totalization, Add Recipient and Remove Recipient (notification), Cancel Delay Time (analog alarm), Cancel Report Delay (multistate alarm), Clear (trend)
Diagnostic | Diagnostic View, Latch/Clear N2 Statistics. The Diagnostic view is treated the same as the other views.
Manage Item Event | Acknowledge, Annotate. Applies to Category-Based Events.
Manage Energy | Start/Stop Meter, Cancel Optimal Start (OST) Prestart/Prestop. Users must have Intervene access to reset a Pulse Meter. Reset the Pulse Meter cannot be placed in this Privilege because the Pulse Meter object uses the same command ID as an Analog object.
Modify Items | Modify Item cannot add or delete. This includes the following: Schedule, Calendar, Trend Extension, Trend Study, Alarm Extensions, Totalization Extensions, Graphics, User Navigation Trees, View All Extension in Panel, Hyperlink from Graphic. Users can only set the Category property of a new or modified object in this list to a category that they have configuration access permissions.
Configure Items | Add, Modify, Delete an Item. Users can only set the Category property of a new or modified object in this list into a category to which they have configuration access permission.
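The Night Guard assignment and the Table 1 action sets can be modelled as a small authorization check. This is an added example, not Metasys code: the class, the object names (AHU-1, Pulse Meter 1, Smoke Damper 3) and the user B. Jones are constructed, the action sets are abridged from Table 1, and the union of role and direct user grants is an assumption.

```python
# Added example: toy model of the bulletin's category-based authorization.
# Not Metasys code; action sets are abridged from Table 1. Privileges are
# treated as independent sets (the page does not say one implies another).
PRIVILEGE_ACTIONS = {
    "View": {"View Item Value", "View Event", "Snooze Event"},
    "Operate": {"Adjust", "Setpoint"},
    "Intervene": {"Override", "Release", "Enable", "Disable", "Reset"},
    "Manage Energy": {"Start/Stop Meter"},
}


class SecurityModel:
    def __init__(self):
        self.role_grants = {}      # role -> {category -> set of privileges}
        self.user_grants = {}      # user -> {category -> set of privileges}
        self.user_roles = {}       # user -> set of roles
        self.object_category = {}  # object -> its single category
        # Default role from the bulletin: USER has View on HVAC only.
        self.grant(self.role_grants, "USER", "HVAC", "View")

    @staticmethod
    def grant(table, principal, category, *privileges):
        """Record privileges for a role (role_grants) or a user (user_grants)."""
        unknown = set(privileges) - set(PRIVILEGE_ACTIONS)
        if unknown:
            raise ValueError(f"unknown privilege(s): {sorted(unknown)}")
        table.setdefault(principal, {}).setdefault(category, set()).update(privileges)

    def add_user(self, user, *roles):
        # Every user needs at least one role; USER is the default.
        self.user_roles[user] = set(roles) or {"USER"}

    def effective_privileges(self, user, category):
        """Union of direct user grants and the grants of each assigned role.

        The union rule is an assumption; the bulletin describes no deny rule.
        """
        privs = set(self.user_grants.get(user, {}).get(category, ()))
        for role in self.user_roles.get(user, ()):
            privs |= self.role_grants.get(role, {}).get(category, set())
        return privs

    def is_authorized(self, user, action, obj):
        category = self.object_category.get(obj)
        if category is None:
            return False  # object without a category: deny (assumption)
        return any(action in PRIVILEGE_ACTIONS[p]
                   for p in self.effective_privileges(user, category))


def build_night_guard_example():
    m = SecurityModel()
    m.grant(m.role_grants, "Night Guard", "HVAC", "Operate", "Manage Energy")
    m.grant(m.role_grants, "Night Guard", "Fire", "Intervene")
    m.add_user("A. Smith", "Night Guard")
    m.add_user("B. Jones")  # constructed user, gets the default USER role
    # Constructed object names, one category each.
    m.object_category.update({
        "AHU-1": "HVAC", "Pulse Meter 1": "HVAC", "Smoke Damper 3": "Fire",
    })
    return m


if __name__ == "__main__":
    model = build_night_guard_example()
    checks = [
        ("A. Smith", "Setpoint", "AHU-1"),
        ("A. Smith", "Override", "AHU-1"),
        ("A. Smith", "Override", "Smoke Damper 3"),
        ("A. Smith", "Reset", "Pulse Meter 1"),
        ("B. Jones", "View Item Value", "AHU-1"),
        ("B. Jones", "Setpoint", "AHU-1"),
    ]
    for user, action, obj in checks:
        verdict = "allow" if model.is_authorized(user, action, obj) else "deny"
        print(f"{user:9} {action:16} {obj:15} {verdict}")
```

The Pulse Meter case shows the Table 1 note in practice: Manage Energy on HVAC does not carry Reset, so the check denies it until Intervene is granted on that category.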

System Access Privileges

System Access Privileges apply to the system as a whole, not to individual categories of objects or items. Table 2 describes all the predefined Privileges per System Access Permission.

Table 2: System Access Based Privileges

Permissions | Permission Privileges
Manage Devices & Sites | Upload/download, Reset Device, Archive Device, Set Date, Set Time, Force Archive of Local Repository (Audits and Trends). 1. Handles non-Category based Configuration Actions. 2. Handles Archive Device, Set Date, and Set Time. 3. Gives user permission to view and configure all site and device settings (for example, Site SNTP Server, Site Server Device, Site Name, Device Name), access Engineering Views, configure destinations (ADS, printer, pager), set date/time, archive device. 4. Defines Configure as Add, Modify, Delete.
Discard Acknowledged Event | Applies to all events a user can manage via the Manage Item Events Action Set or Manage System Level Events Action Set.
Discard All Events | Applies to all events a user can manage via the Manage Item Events Action Set or Manage System Level Events Action Set. This Action Set should be used carefully since it is a System-wide discard.
Snooze All Events | Applies to all events a user can manage via the Manage Item Events Action Set or Manage System Level Events Action Set. This Action Set should be used carefully since it is a System-wide snooze.
Manage System Events | Future Use.
Manage Audit History | Annotate audits.
Clear Audit History | Clear Audit Log.
System Configuration Tool | Access to the System Configuration Tool if the Tool is installed on the same machine as the Site Director.
View Metasys System Status | Future Use.

System Configuration Tool (SCT) Security Scenarios

When the System Configuration Tool (SCT) is part of a Site, there are three scenarios of how the Security Administration System integrates into the Site:

1. On a Site where the SCT is not installed on the same Personal Computer (PC) as an Application and Data Server (ADS) that is the Site Director, the only function the Security Administration System plays is to add users and passwords for authentication to the SCT. Neither the Object-Based nor System-Based permissions affect the use of the SCT even though all the functions are available.

2. On a Site where the SCT and ADS are installed on the same PC and the ADS is the Site Director, the Security Administration System on either the SCT or ADS administers the Security System for the Site.

3. On a Site where the SCT and ADS are installed on the same PC and the ADS is not the Site Director (the ADS is only used for Data Storage), the Security Administration System function on the SCT only adds users and passwords for authentication to the SCT. The Site Director for the Site is the Security Administration for the ADS acting in the Data Storage Capacity.

Security Menu Options

The following menus are available in the Security Administrator.

Table 3: Security Menu Options

Menu | Option | Description
File | Exit | Closes the Security Administrator UI.
File | Save | Saves the modified Permissions in the Security grid.
Edit | Delete | Deletes user-defined Role or user-defined user. Prompts for confirmation before deleting.
Edit | Properties | Opens the Role Properties or User Properties window.
Edit | System Access Permissions | Opens the System Access Permissions dialog box.
Edit | Account Disabled | Marks the selected User Account as Disabled. Next time the user attempts to log in, an account disabled message appears. The User Account must be re-enabled through the User Properties.
Insert | New User | Adds a new user to the tree. The User Properties Dialog Box appears.
Insert | New Role | Adds a new role to the tree. The Role Property Dialog Box appears.
Insert | Copy of User | Inserts a copy of the selected user into the tree. The User Properties Dialog box appears. You may edit the copied user’s attributes.
Insert | Copy of Role | Inserts a copy of the selected role into the tree. The Role Properties Dialog Box appears allowing you to edit the copied roles.
View | Tool Bar | Displays the Security Administrator Toolbar.
Help | Help Topics | Opens Online Help. Security help unavailable.
Help | About Security Admin | Opens the About Security Admin popup. The version information and Johnson Controls, Inc. copyrights appear.

Security Toolbar

Table 4 describes the Security toolbar options.

Table 4: Security Toolbar

Icon | Description
[icon] | Adds a new User to the tree. The User’s Property Dialog Box appears.
[icon] | Adds a new Role to the tree. The Role Properties Dialog Box appears.
[icon] | Marks the selected User Account Disabled and forces the user off the system. Note: The user is not allowed back on the system until the User Account is re-enabled via the User Properties. The icon in the tree visually indicates that the account is disabled.
[icon] | Opens the System Access Permissions Window. Note: If a predefined Role or predefined User is selected, the System Access Permissions are Read-Only.
[icon] | Saves the Category-Based Permissions information.
[icon] | Opens the Online Help.

Users and Roles

Keep the following points in mind regarding Users and Roles:

• The Users must have one or more roles in the system. The default role is USER. The USER role is assigned to the HVAC Category with view access only (View Action Set).

• The predefined set of Users may not be deleted or renamed. However, the predefined Users may be added/deleted to/from Roles and the Users may be copied. The Access Permissions and Properties of the predefined Users can be viewed but not edited.

• The predefined set of Roles may not be deleted or renamed. However, Users may be added/deleted to/from the Roles and the Roles can be copied. The Access Permissions on the predefined Roles can be viewed but not edited.

• The Users in the Administrator Roles have full access to the System. The Administrator Role cannot be deleted. The built-in administrator account is called the MetasysSysAgent. The factory supplied password is XMG3-Rel.1. This user has full access to the system. This user belongs to the Administrator Role. The MetasysSysAgent administrator account cannot be deleted or removed from the system.

Figure 5: Access Permissions

Figure 5 shows the differences between Roles and Users permissions. The two heads indicate the permission is from the Roles level. The single head indicates that the permissions are from the Users level.

Pop-up Menu

When you right-click on a selected item, a pop-up menu appears. The Security Administrator has one pop-up menu.

The Roles and Users pop-up menu appears when users right-click on a selected item.

Table 5: Roles and Users Pop-up Menu

Field | Description
Delete | Deletes the selected Role or User information.
Copy of | Inserts a copy of the selected Role or user into the tree.
Properties* | Opens the Role Properties or User Properties dialog box.
System Access Permissions* | Opens the System Access Permissions dialog box.

* If a predefined Role or predefined User is selected, the System Access Permissions are Read-Only.

User Properties

The User Properties Dialog Box defines users within the system. The tabs include: User Properties, User Profile, Roles, Time Sheet, and Account Policy.

User Properties Tab

The User Properties tab defines the general information about the user including the user name, the type of account, and the password information (Figure 6).

Figure 6: User Properties Tab

Table 6: User Properties Tab Parameters

Field | Description | Default Value | Required
User Name | Displays the login name of the user. | User names as defined in tree. | Yes
Description | Displays a description of the user. | | No
Password | Displays the password of the user. | Metasys3 | Yes
Verify Password | Verifies the letters, numbers, and symbols typed in to the Password box. | Metasys3 | Yes
Single Access User | Allows the user to log in to the account once. After logging in once, the account becomes disabled. | Unchecked | No
Temporary User | Allows the user to access the system as a Temporary User. The User can access the account as long as it has not expired. When expired, the user is forced off the system. | | No
Expires On | Allows the user to specify the date on which a Temporary User is no longer allowed to access accounts. | 1 day | Yes, if temporary user selected.
User Must Change Password at Next Logon | Requires that the users change their passwords at the next login. | Checked | No
User Cannot Change Password | Locks out the ability to change the password. | Unchecked | No
Account Disabled | Disables the User Account. | Unchecked | No
Account Locked Out | Allows the Administrator to reset a locked out user account. | Unchecked | No
User Can Modify Own Profile | Allows the users to update their own profile information. The Administrator can also change or update the profile information from the User Profile Tab. | Checked | No
User Can View the Item Navigation Tree | Designates that a user can view the Item Navigation Tree. Checking this does not necessarily mean that the user has view access to all Items in the tree. The user must have View Access to all Categories that contain items within the tree. | Checked | No

User Profile Tab

The User Profile tab goes into greater detail than the User Properties tab about the users. The Administrator sets the language and the default navigation view that the user sees when logging in to the system (Figure 7).

Figure 7: User Profile Tab

Table 7: User Profile Tab Parameters

Field | Description | Default Value | Required
Full Name | Displays the full name of the user. | | No
Email | Displays the e-mail address of the user. | | No
Phone Number | Displays the telephone number of the user. | | No
Language | Displays a drop-down list of the NAE supported languages. | English (United States) | Yes
Default Navigation View | Displays a drop-down list of available Navigation Views. The selected views appear upon login. | Item Navigation Tree | Yes
Enable Audible Alarm Indication | Allows user to hear a sound when an alarm occurs. | Checked | No

Roles Tab

The Roles Tab allows administrators to provide access privileges to a group of users without editing each individual profile. Administrators assign a user to one or more Roles (Figure 8).

Figure 8: Roles Tab

Table 8: Roles Tab Parameters

Field | Description | Default Value | Required
Available Roles | Displays the roles to which the selected user is not assigned. | All available roles, minus the USER role. |
Assigned Roles | Displays the roles to which the selected user is not assigned. All users need to be assigned to at least one role. | USER | At least one Role.
Add | Moves the roles from the Available Roles list box to the Assigned Roles list box. | |
Remove | Moves the roles from the Assigned Roles list box to the Available Roles list box. All associated access privileges are also removed. | |

Time Sheet Tab

The Time Sheet tab allows administrators to place time-of-day restrictions on users. When hours are selected, users may log in to the system. Access is denied when users try to log in during unselected hours (Figure 9).

Figure 9: Time Sheet Tab

Table 9: Time Sheet Parameters

Field | Description | Default Value | Required
Select/Unselect Time-of-day | Allows administrators to select when users are able to access the system. | All hours selected | Yes
Grace Period (minutes) | Designates the amount of time users have before they are forced off the system. Once forced off, the user is no longer able to log in. The time ranges from 0 to 60 minutes. | 5 | Yes
Legend | Displays what the color boxes mean in the Time Sheet table. | |

Account Policy Tab

The Account Policy tab controls how passwords are used by the user account, account lockout policy, and the inactive session policy (Figure 10).

Figure 10: Account Policy Tab


Table 10: Account Policy Tab Parameters

| Field | Description | Default Value |
|---|---|---|
| Password Never Expires | When selected, the password never expires. | Unselected |
| Expires In (days) | When selected, the user must enter the number of days until the password expires. | Selected (90 days) |
| Do Not Keep Password History | When selected, the system does not remember the password history. | Unselected |
| Remember Password | When selected, the system remembers the password. The system does not allow the user to repeat the same password. | |
| Never Terminate | When selected, the session never terminates. | Unselected |
| Terminate In (minutes) | When selected, the Administrator must enter the amount of time the user remains inactive before the session terminates and the user is unable to log back in to the system. | Selected (20 minutes) |
| No Account Lockout | When selected, the account does not lock out. | |
| Lockout after bad attempts | When selected, the account locks out after the designated amount of login attempts. | |


Role Properties

The Role Properties tab defines the Roles of users within the system. When you assign users to a Role, it gives the users all access privileges assigned to the Role. Roles can be assigned from the User tab of the Role Properties dialog box or the Roles tab from the User Properties dialog box.

Role Properties Tab

The Role Properties tab defines the general information about the Role (Figure 11).

Figure 11: Role Properties Tab

Table 11: Role Properties Tab Parameters

| Field | Description | Default Value | Required |
|---|---|---|---|
| Role Name | Displays a unique name of the Role. | Role Name as defined in tree. | Yes |
| Description | Displays a description of the Role. | | No |


Users Tab

The Users tab allows administrators to assign users specific Roles (Figure 12).

Figure 12: Users Tab

Table 12: Users Tab Parameters

| Field | Description | Default Value |
|---|---|---|
| Available Users | Users that are not assigned to the Role. | All Available Users. |
| Assigned Users | Users assigned to the Role. | |
| Add | Moves the users from the Available Users list box to the Assigned Users list box. Once in the Assigned Users list box, the Role access privileges are granted. | |
| Remove | Moves the users from the Assigned Users list box to the Available Users list box. Once in the Available Users list box, the Role access is removed. | |


System Access Permissions

System Access Permissions has two separate dialog boxes: one for the Role Assignment and one for the User Assignment. Administrators assign System Privileges directly to a User or Role. The Privileges apply to the System as a whole, not just to the Items or Categories.

System Access Permissions—User Assigned

Figure 13: User Assigned Privileges Dialog Box

Table 13: Role Assignment Parameters

| Field | Description | Default Value |
|---|---|---|
| Available Privileges | Displays the available privileges that may be assigned to a user. | All Available Privileges. |
| Assigned Privileges | Displays the Privileges assigned to the user. | |
| Add | Moves the selected Privileges from the Available System Privileges list box to the Assigned System Privileges list box. Privileges are then assigned to the Users or Role. | |
| Remove | Moves the selected Privileges from the Assigned System Privileges list box to the Available System Privileges list box. Privileges are then unassigned from the User or Role. | |


System Access Permissions—Summarized

Figure 14: Summarized Privileges Dialog Box

Table 14: User Assigned Tab Parameters

| Field | Description |
|---|---|
| Available System Privileges | Displays the available System Action Set. |
| Assigned System Privileges | Displays the System Privileges assigned to the user. |
| Add | Moves the selected Privileges from the Available System Privileges list box to the Assigned System Privileges list box. Privileges are then assigned to the Users or Role. |
| Remove | Moves the selected Privileges from the Assigned System Privileges list box to the Available System Privileges list box. Privileges are then unassigned from the User or Role. |
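The Roles tab and the System Access Permissions dialog boxes both feed a user's privileges, so an access review needs to know what a Role removal really revokes. The following added example (not Johnson Controls code) assumes a user's effective privileges are the union of directly assigned privileges and those of every assigned Role; the class, function, Role and privilege names are hypothetical placeholders.

```python
class SecurityDB:
    """Hypothetical in-memory model of users, Roles and system privileges."""

    def __init__(self):
        self.role_privs = {"USER": set()}  # Role -> privileges it grants
        self.user_roles = {}               # user -> assigned Roles
        self.user_privs = {}               # user -> directly assigned privileges

    def new_user(self, name):
        self.user_roles[name] = {"USER"}   # default Assigned Role is USER
        self.user_privs[name] = set()

    def add_role(self, user, role):
        if role not in self.role_privs:
            raise KeyError(role)
        self.user_roles[user].add(role)

    def remove_role(self, user, role):
        roles = self.user_roles[user]
        if roles == {role}:
            raise ValueError("a user must keep at least one Role")
        roles.discard(role)

    def effective(self, user, without=None):
        """Direct privileges plus those of every assigned Role except `without`."""
        privs = set(self.user_privs[user])
        for role in self.user_roles[user] - {without}:
            privs |= self.role_privs[role]
        return privs


def removal_impact(db, user, role):
    """Privileges the user actually loses if `role` is removed."""
    return db.effective(user) - db.effective(user, without=role)


def constructed_example():
    """Constructed data: Role and privilege names are placeholders."""
    db = SecurityDB()
    db.role_privs["OPERATOR"] = {"PRIV_A", "PRIV_B"}
    db.role_privs["MAINTENANCE"] = {"PRIV_B", "PRIV_C"}
    db.new_user("alice")
    db.add_role("alice", "OPERATOR")
    db.add_role("alice", "MAINTENANCE")
    db.user_privs["alice"].add("PRIV_A")  # also assigned directly
    return db
```

An empty result from `removal_impact` means the same privileges still reach the user through another Role or a direct assignment, so those must be reviewed as well.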


Detailed Procedures

Creating a New User Account

To create a new user account:

1. From the menu bar, select Insert > New User. The User Properties tab appears.

2. Fill in the information. Refer to Table 6.

3. Click OK. The New User appears in the tree.

Creating a New Role

To create a new role:

1. From the menu bar, select Insert > New Role. The New Role dialog box appears (Figure 11).

2. Fill in the information. Refer to Table 11.

3. Click OK. The New Role appears in the tree.

Configuring User Profiles

To configure a user profile:

1. Select the user whom you wish to configure.

2. From the menu bar, select Edit > Properties. The User Properties tab appears (Figure 6).

3. Modify the desired user information.

4. Click OK.

Assigning Navigation Views

To assign navigation views:

1. Select the user whom you wish to assign navigation views.

2. From the menu bar, select Edit > Properties. The User Properties tab appears (Figure 6).

3. Check User Can View the Item Navigation Tree (Default Tree).

4. Click OK.


Copying a User

To copy a user:

1. Select the user whom you wish to copy.

2. From the menu bar, select Insert > Copy of User. The Properties for User Copy of <user> dialog box appears.

3. Make the necessary modifications.

4. Click OK.

Deleting a User

To delete a user:

1. Select the desired user to delete from the tree.

2. From the Edit menu, select Delete. The Delete <user> dialog box appears confirming the user should be deleted.

3. Click Yes.

Renaming a User

To rename a user:

1. Select the user whom you wish to rename.

2. From the Edit menu, select Properties. The User Properties tab appears (Figure 6).

3. Type the new name.

4. Click OK.

Configuring Role Properties

To configure role properties:

1. Select the user whom you wish to configure.

2. From the menu bar, select Edit > Properties. The User Properties tab appears (Figure 6).

3. Select the Roles tab.

4. From the Roles tab, select an Available Role.

5. Click Add. The selected role appears in the Assigned Role list box.

6. Click OK.


Unlocking a User Account

To unlock a user account:

1. From the menu bar, select Edit > Properties. The Users Properties tab appears (Figure 6).

2. Clear the Account Locked Out check box.

3. Click OK. The user is now able to log in to the system.

Assigning System Access Permissions

To assign system access permissions:

1. Select the user whom you wish to assign system access permissions.

2. From the main menu, select Edit > System Access Permissions. The System Access Permission dialog box appears (Figure 13).

3. Select an available privilege.

4. Click Add.

5. Click OK. The System Access Permissions have been assigned for the selected user.

Controls Group
507 E. Michigan Street
P.O. Box 423
Milwaukee, WI 53201
www.johnsoncontrols.com
Published in U.S.A.