FMS Security Applications

Security applications used in CygNet Software can be enforced at a service and/or, optionally, at a component level. In CygNet Measurement this means the security application can be at the level of the FMS service and/or at the level of an FMS Node, subject to application override.

Permission to perform FMS tasks is granted by enforcing the corresponding security application requirements. "FMS Security Events" tables list which security applications correspond with available FMS security event types and tasks. See FMS Security Events for more information.

See Applications in the Security section for more information about CygNet Software security applications.

Security Application Override

You can optionally define a security application at the FMS Node level. When defined, either at Node creation or by editing Node properties after creation, the FMS Node (component-level) security application can override the FMS (service-level) security application if the values differ. Enter a value (0 - 5) in the Security application property field of the Device Definition for the Node.

Service-Level and Node-Level Security Applications

Depending on the defined security application, whether at the service (FMS) or component (FMS Node) level, permission to perform an FMS task is determined as follows.

Service-Level Security Application

For tasks where the security application is enforced at the service level (FMS), permission is determined as follows.

• When the Node-level security application has not been defined, the service-level security application is used to determine permission.
• When a service-level security application is defined, the security application authorization level (0 - 5) is used to determine permission. If your user authorization level meets or exceeds the FMS event authorization level required for a task, you will be granted permission.

  Example

  For the FMS service, your assigned authorization level is 5 (Admin). Because your authorization level meets or exceeds the FMS event authorization level required for any task, you will be granted permission for all tasks that enforce security at the service level.

Node-Level Security Application

For tasks where the security application is enforced at the component level (FMS Node), permission is determined as follows.

• When the Node-level security application is defined, the Node security application is used to determine permission. If your user authorization level (0 - 5) for the FMS Node meets or exceeds the event authorization level required for a task, you will be granted permission.

  Example

  For the FMS Node, your assigned authorization level is 5 (Admin). Because the security application is defined at the Node level, it can override your assigned authorization level for the FMS service, if the levels differ. When your Node authorization level meets or exceeds the FMS event authorization level required for any task, you will be granted permission for all tasks that enforce security at the FMS Node level.

• When the Node-level security application has not been defined, the service-level security application is used to determine permission, as described for Service-Level Security Application above. If your user authorization level for the FMS service meets or exceeds the event authorization level required for a task, you will be granted permission.

Node-Level Security Application and Historization

For tasks that check the Node-level security application, the system will only use the Node security application that applies as of "now." Whether you are making a change in the past or in the future, you must have the required security application authorization level that is configured in the record that is active "now." If no record is active "now" (for example, it was deleted), then you must have the required authorization level for the service security application in order to be granted permission.