Enhanced Alarm Configuration Security

Enhanced Alarm Configuration security events control user access to the viewing and editing of EAC settings. Adding these events is optional, but in their absence, user access to the EAC settings will mirror any existing configurable bit permissions. Access to alarm settings properties and their configuration in Enhanced Alarm Configuration is determined by a user's permissions levels. Each time a user attempts to perform an action that requires a certain security access level for a given application (for example, suppress an alarm for a point), access is granted or denied by the ACS based on the built-in security event that governs that property.

Security Events for EAC

Security events specific to EAC are part of PNT security. The alarm settings properties use either the ACCESS security event or extended PNT security events. When a user has no configured association to either an EACALL or EAxxdtps event, that user's access resolves to the level that exists for the associated configurable bit.

As an example, if a user's access resolves to NONE, either explicitly with an existing permission setting or implicitly due to the absence of a permission assigned to an existing EAC-based event, their access will resolve to READ if the current level for the associated configurable bit is READ or higher. Otherwise, the access will remain as NONE.

EAxxdtps Event

The EAxxdtps event controls who can see and edit specific configurable bit EAC settings in Alarm Settings and in the Enhanced Alarm Settings dialog box. This event can increase or decrease a user's security privileges from what is established by ACCESS and ALARMSET.

Since distinct EAC settings can be configured for individual configurable-bits, the EAxxdtps event provides specific configurable bit access control in the form of EAxx, where "xx" is replaced by the specific configurable-bit number (e.g. EA01, EA12). Additionally, since a specific configurable bit number may have a different meaning depending on a point’s assigned data type (Analog, String, etc.) and its Point Scheme, the EAxxdtps event allows for point data type and Point Scheme qualification, where "dt" is the data type, (e.g., AI, SI) and "ps" is the Point Scheme ID (e.g., 00, 01, 02).

The EAxxdtps event format is displayed below:

EA<xx><dt><ps> (eight character maximum)

where

EAxxdtps Event Format	Corresponds to	Required or Optional
xx	Config Bit number (01 - 15)	Required
dt	Point Type (AI, AO, AN (I&O), DI, DO, DG (I&O), SI, SO, ST (I&O), EI, EO, EN (I&O)	Optional
ps	Point Scheme (0-15)	Optional

Examples

• EA03EI applies to Config Bit 03 for Enumeration Input points across all Point Schemes defined in the system.
• EA02AN00 applies to Config Bit 02 for Analog Input/Output point data types assigned to the CygNet Standard Point Scheme (00).
• EA01AN01 event, with user permissions of "2-Update", allows a user to edit the EAC settings for the status bit associated with Config Bit 01 (EA01) for Analog Input/Output point types (AN) defined within Point Scheme 1 (01).
• User permissions of "0-None" assigned to EA01AN01 event are ignored and the hiding of EAC settings for this bit is only achieved by hiding the associated Config Bit.

Specific Enhanced Alarm Settings dialog box behaviors and allowable actions for each permission level associated with the configurable bits are shown in the table below.

Event	Authorization	Enhanced Alarm Settings Dialog Box
EAxxdtps	0-None	Hides the status bit entry from the left-hand list.
	1-Read	Shows the status bit in the left-hand list but prevents any modification to the condition or expressions. If "1-Read" access exists for all defined status bits, the Export button is enabled. Import and Clear All are disabled if any one status bit is assigned "1-Read" permissions.
	2-Update	Shows the status bit in the left-hand list and allows modification of the comparison values within the expressions only. The Export button is enabled.
	3-Add	Shows the status bit in the left-hand list, allows modification to the comparison values within the expressions, and allows conditions to be enabled or disabled. The Export button is enabled.
	4-Delete	Shows the status bit in the left-hand list, allows full expression tree modification, allows conditions to be enabled or disabled, and allows the Set status on … drop-down menu to be modified. If "4-Delete" access exists for all defined status bits: The Export, Import and Clear All buttons are enabled. The ability to change the drop-down menu from Separate conditions to Single conditions for all is enabled.
	5-Admin	Same functionality as "4-Delete".

EACALL Event

For systems that do not require specific configurable bit access control, the EACALL event, working in combination with the ACCESS event, determines user access for all EAC settings regardless of the configurable bit number, point data type, or Point Scheme assigned.

Examples

• If Read access is assigned to an Operators security group for the EACALL event, those users are limited to read-only access for all EAC settings.
• If Admin access is assigned to an Administrators security group, those users have full write access to all EAC settings.
• If ACCESS is "0-None", EACALL can increase to "1-Read", which provides read access to all EAC configurable bit settings.
• If all EAC configurable bits resolve to "0-None" (e.g., ACCESS = 0-None and EACALL = 0-None with no EAxxdtps overrides), the Enhanced Alarm Settings dialog box is not available from an Alarm Settings page.