Point Service (PNT) Security

Security for the PNT service is administered by the Access Control Service (ACS). As with other CygNet services, security is set on an application and event basis. The application name of the PNT service is defined in the service configuration file using the keyword ACS_APPLICATION. The default is “PNT.” The security events are listed in the PNT Events table below.

The following tables provide details about PNT security settings. See also Security.

  • Service Application Name: PNT (name defined in service configuration file)
  • Main Security Event: ACCESS (name defined in service configuration file)
  • Component-Level Security: Yes. See Component-Level Security.
  • Subject to Application Override: No; however, FAC component-level security sets an Application Override.

PNT Events

Each entry lists the Event, its Event Description, and the Tasks permitted at each Authorization level.

ACCESS

Service content management

  • 0-None: View list of points in the service
  • 1-Read: View properties of points
  • 2-Update: Edit points
  • 3-Add: Add points
  • 4-Delete: Delete points
  • 5-Admin: Full permission for all service Events (except ODBC) regardless of the authorization for those Events or Application Override

ALARMSET

Access to alarm setpoint (Analog/Digital/Enumeration/String) properties

Note: This event only applies to the Alarm Settings dialog box invoked from CygNet Studio screens or to the COM API exposed through the CxPnt.dll. This event works in combination with the ACCESS event to potentially increase a user’s permissions to see or modify the point properties associated with alarm settings. Permissions set on the ALARMSET event will never decrease a user’s access to the alarm settings properties.

  • 0-None: None
  • 1-Read: View alarm settings
  • 2-Update: Edit alarm settings
  • 3-Add: Add alarm settings
  • 4-Delete: Inclusive
  • 5-Admin: Inclusive

ALMSUPP

Access to point record alarm suppression (Analog/Digital/Enumeration/String) properties

Note: This event only applies to the Alarm Suppression Settings dialog box invoked from CygNet Studio screens or to the COM API exposed through the CxPnt.dll.

  • 0-None: None
  • 1-Read: View Alarm Suppression properties
  • 2-Update: Edit Alarm Suppression properties
  • 3-Add: Inclusive
  • 4-Delete: Inclusive
  • 5-Admin: Inclusive

CFGBITxx (where xx represents the bit number: Config Bit 01 - Config Bit 15)

Access to point record configurable bit (Analog/Digital/Enumeration/String) properties

Note: This event only applies to the Alarm Settings dialog box invoked from CygNet Studio screens or to the COM API exposed through the CxPnt.dll. This event works in combination with both the ACCESS and ALARMSET events to potentially increase a user’s permissions to see or modify the properties associated with a specific configurable bit. Permissions set on a specific CFGBITxx event will never decrease a user’s access to the properties of the specific configurable bit.

  • 0-None: None
  • 1-Read: Authorize user to view the specified configurable bit’s properties
  • 2-Update: Authorize user to edit the specified configurable bit’s calculation parameter values, if any
  • 3-Add: Inclusive. Authorize user to enable or disable the "CVS Calculation" property of the specified configurable bit along with permission to set its "Alarm Priority", "Report to CAS", "Report to GNS" and "Delay Reporting" properties
  • 4-Delete: Inclusive
  • 5-Admin: Inclusive

CBxxdtps (where xx represents the bit number: Config Bit 01 - Config Bit 15, dt represents the Point Type, and ps represents the Point Scheme 0-15)

Access to who can see and edit specific Config Bit settings (Analog/Digital/Enumeration/String) properties

Note: This event works in combination with both the ACCESS and ALARMSET events to potentially increase or decrease a user’s permissions to see or modify the properties associated with a specific configurable bit.

  • 0-None: None. Row that represents this bit number is hidden from view in associated dialog boxes.
  • 1-Read: Authorize user to view settings of the status bit associated with a specified configurable bit and optionally, a specified point type and Point Scheme.
  • 2-Update: Inclusive. Authorize user to edit only the comparison values within EAC expressions associated with the specified configurable bit and optionally, a specified point type and Point Scheme.
  • 3-Add: Inclusive. Authorize the user to enable or disable the EAC condition associated with the specified configurable bit and optionally, a specified point type and Point Scheme.
  • 4-Delete: Inclusive. Authorize user for full EAC properties and expression tree modifications of the condition associated with the specified configurable bit and optionally, a specified point type and Point Scheme.
  • 5-Admin: Inclusive

COMMENT

Access to point record Comments property

Note: This event only applies to the Comments dialog box invoked from CygNet Studio screens or to the COM API exposed through the CxPnt.dll.

  • 0-None: None
  • 1-Read: View Comments property
  • 2-Update: Edit Comments property
  • 3-Add: Inclusive
  • 4-Delete: Inclusive
  • 5-Admin: Inclusive

EAxxdtps (where xx represents the bit number: Config Bit 01 - Config Bit 15, dt represents the Point Type, and ps represents the Point Scheme 0-15)

Access to who can see and edit specific Config Bit EAC settings in Alarm Settings and the Enhanced Alarm Settings dialog box. See Enhanced Alarm Configuration Security for more information.

Note: This event can increase or decrease a user's security privileges from what is established by ACCESS and EACALL.

  • 0-None: None. Row that represents this bit number is hidden from view in the EAC Settings dialog box.
  • 1-Read: Authorize user to view settings of the status bit associated with a specified configurable bit and optionally, a specified point type and Point Scheme.
  • 2-Update: Inclusive. Authorize user to edit EAC settings for the status bit associated with a specified configurable bit and optionally, a specified point type and Point Scheme.
  • 3-Add: Inclusive. Authorize the user to add EAC settings for the status bit associated with a specified configurable bit and optionally, a specified point type and Point Scheme.
  • 4-Delete: Inclusive
  • 5-Admin: Inclusive

EACALL

Access to who can see and edit specific Config Bit EAC settings in the PNT Editor and the Enhanced Alarm Settings dialog box. Applies generally to all EAC configurable bit access. See Enhanced Alarm Configuration Security for more information.

Note: This event works in combination with the ACCESS event to potentially increase a user’s permissions to see or modify the point properties associated with enhanced alarm settings.

  • 0-None: None. If all EAC configurable bits resolve to 0-None (for ACCESS and EACALL) the Enhanced Alarm Settings dialog box is not available. However, if a configurable bit associated with an EAC condition has at least 1-Read access, that EAC condition is elevated to 1-Read as well. (See Config-bit Events topic).
  • 1-Read: Authorize user to view all EAC configurable bit settings, but prevents any modification to the EAC condition or expressions. However, when a configurable bit associated with an EAC condition has been given 0-None access, the EAC condition associated with that configurable bit is hidden because all settings of the configurable bit are hidden.
  • 2-Update: Inclusive. Authorize user to edit only the comparison values within the EAC expressions while preventing modification of any other condition or expression attributes or structure.
  • 3-Add: Inclusive. Authorize user to enable or disable individual conditions while preventing modification of any other condition or expression attributes or structure.
  • 4-Delete: Inclusive. Authorize user to modify all condition or expression attributes and structure.
  • 5-Admin: Inclusive

MANLEDIT

Access to edit the Manual update mode setting for a point

See Manual Edit Event Security Notes below.

  • 0-None: None
  • 1-Read: View manual update mode for a point
  • 2-Update: Edit manual update mode for a point
  • 3-Add: Inclusive
  • 4-Delete: Inclusive
  • 5-Admin: Inclusive

ODBC

Access service records from an ODBC-compliant application

  • 0-None: None
  • 1-Read: View records in the service
  • 2-Update: Edit existing records
  • 3-Add: Add records
  • 4-Delete: Delete records
  • 5-Admin: Inclusive

QUESTION

Access to point record Questionable/Verified flags

Note: This event only applies to the Questionable State dialog box invoked from CygNet Studio screens or to the COM API exposed through the CxPnt.dll.

  • 0-None: None
  • 1-Read: View Questionable/Verified properties
  • 2-Update: Edit Questionable/Verified properties
  • 3-Add: Inclusive
  • 4-Delete: Inclusive
  • 5-Admin: Inclusive

SVCINFO

Miscellaneous GenServe security management

Note: The SVCINFO event allows changes to log settings and use of the GlobalFunctions method SetGenserveInfo without requiring higher privileges on other actions. Other tasks are listed below.

  • 0-None: None
  • 1-Read: Change queue translations. This event is used by DBS services to avoid full replication resyncs after failovers.
  • 5-Admin: Permission level required to perform the following tasks:
      • Give ConfigFileManager remote access to service configuration files
      • Change log settings
      • Change audit levels
      • Perform on-demand backups
      • Change DBS and VHS disk cache minimum and maximum sizes
      • Request an activation check

Alarm Settings Events Security Notes

The PNT security events that govern the viewing and editing of alarm settings properties for a point are ACCESS, ALARMSET, ALMSUPP, CFGBITxx, CBxxdtps, COMMENT, EAxxdtps, EACALL, and QUESTION.

These alarm settings properties use either the ACCESS security event or one of these 'extended' PNT security event(s), whichever has the higher authorization. For example, if a user has an ACCESS level of 3-Add and COMMENT level of 2-Update, they will be granted a security level of 3.

The following Help topics provide additional information about configuring alarm settings in CygNet Studio and via script:

ALARMSET vs. CFGBITxx

There are differences in functionality available for the ALARMSET and CFGBITxx security events.

If you have ALARMSET level 3-Add (or greater), then you can retrieve and set all alarm settings including all settings for all configurable bits. If you have CFGBITxx level 3-Add (or greater), but level 0-None for ACCESS and ALARMSET, then you may change all CFGBITxx specific settings (Enable/Disable, Calc. Value 1, Calc. Value 2, Alarm Priority, Report to CAS, Report to GNS, Delay Reporting, etc.).

Manual Edit Event Security Notes

To edit the Manual update mode flag on a point (on the General page in the PNT Editor), the following security checks are made.

First, the system checks whether the user is an administrator on the PNT’s application (ACS_APPLICATION) and the main security event for the service (DBS_MAIN_SEC_EVENT). These keywords are configured in the PNT service configuration file. The default values are "PNT" and "ACCESS" respectively.

If the user has a security access level of "5 - Admin" on the PNT.ACCESS security event, then the user is a service administrator and may edit any point attribute.

If the user is not a service administrator, then the following checks are made.

The security event to check for editing the Manual Update Mode flag will be on the specified Application for the point. The Application to be used is the first non-blank entry (in the following order) for:

  1. The point record's ACS Application field.
  2. If the point has a facility, then the Facility record's ACS Appl. field.
  3. The specified Application for the PNT in the PNT service configuration file (usually "PNT").

The security event to use is either the configured main security event for the PNT or the defined Manual Edit event as given below:

  1. For the event configured with the keyword DBS_MAIN_SEC_EVENT (usually "ACCESS"), the access level must be at least "2 - Update".
  2. For the MANLEDIT event, the access level must be at least "2 - Update."
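
The check order described above, modeled as an added Python example (not CygNet code and not its API). The data classes, function names and the FIELD_A and WEST application names are hypothetical; a missing grant is assumed to mean 0-None, and a 2-Update grant on either listed event is assumed to be sufficient.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

UPDATE, ADMIN = 2, 5  # authorization levels 2-Update and 5-Admin


@dataclass
class ServiceConfig:
    acs_application: str = "PNT"     # ACS_APPLICATION keyword (default)
    main_sec_event: str = "ACCESS"   # DBS_MAIN_SEC_EVENT keyword (default)


@dataclass
class Point:
    acs_application: str = ""                       # point record's ACS Application field
    facility_acs_application: Optional[str] = None  # None means the point has no facility


Grants = Dict[Tuple[str, str], int]  # (application, event) -> level 0..5 for one user


def resolve_application(point: Point, cfg: ServiceConfig) -> str:
    """Return the first non-blank application, in the order the page lists."""
    for name in (point.acs_application, point.facility_acs_application or ""):
        if name.strip():
            return name.strip()
    return cfg.acs_application


def can_edit_manual_mode(grants: Grants, point: Point, cfg: ServiceConfig) -> Tuple[bool, str]:
    """Decide whether the user may edit the Manual update mode flag, and why."""
    # Check 1: 5-Admin on the service's own application and main event.
    if grants.get((cfg.acs_application, cfg.main_sec_event), 0) >= ADMIN:
        return True, "service administrator"
    # Check 2: at least 2-Update on the main event or MANLEDIT,
    # evaluated on the application resolved for this point.
    app = resolve_application(point, cfg)
    for event in (cfg.main_sec_event, "MANLEDIT"):
        if grants.get((app, event), 0) >= UPDATE:  # missing grant = 0-None (assumption)
            return True, f"{app}.{event}"
    return False, f"no 2-Update grant on {app}"


# Constructed sample data: FIELD_A and WEST are made-up application names.
CFG = ServiceConfig()
OPERATOR = {("PNT", "ACCESS"): 2, ("WEST", "ACCESS"): 1, ("WEST", "MANLEDIT"): 2}
```

With these grants the operator can edit the flag on a point that falls back to PNT or inherits WEST from its facility, but not on a point whose own ACS Application field is FIELD_A, because the point record's field is consulted first.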
