Domain user permissions
FactoryTalk Remote Access Manager
allows you to define user permissions for devices, groups, and individual user accounts. Devices, groups and user accounts inherit the permissions defined for the folder in which they are stored.Domain subfolders
are useful for setting up specific access control settings for different business units, regions, or operations as appropriate for your environment. Rules assigned to subfolders and individual devices have priority over rules in the parent folders that contain them.You can set exceptions in a user's permissions settings, even if the user belongs to a group with pre-defined settings.
- InFactoryTalk Remote Access Managerselect .
- In the left pane, select the folder or device for which you wish to set user permissions, then access thePermissionssection in the right pane.
- If the user for which you would like to set permissions is not listed in thePermissionssection, add it by clicking the circled plus icon at the top right of the pane.
- Select the user or group and expand thePermission operationssection.
- Allow or deny permissions, as needed.
The following table shows the domain user permissions available. Each permission includes a set of granular permissions that can be allowed or denied.
Administration | Allows you to manage operations related to the domain organization in terms of folders and access control. | |
Access User Accounts | Allows access to user profiles that are defined within folder paths and sub-paths for which the permission is given. | |
Manage User Accounts | Allows permission assignments and creation, editing and deletion of user accounts. | |
Manage Folders | Allows you to create, edit, move, and remove folders. | |
View Connection Audit | Allows access to the connections log. | |
View Operations Audit | Allows access to the administration log. | |
Network Security | Allows you to manage the firewall configuration. | |
Device Installer | Allows you to manage devices within a specific domain. | |
Interactive Access | Allows you to interact with the remote device as a viewer and/or with read and write rights. | |
View the Desktop | Allows the Remote Desktop view only, whereas interaction is not allowed. | |
Interact with the Desktop | Allows full Remote Desktop interaction. | |
Network Access (VPN) | Allows VPN activation and subnetwork access. The subnetwork access can be filtered by applying firewall policies. | |
Passthrough (Serial + USB) | Allows to use a serial pass-through function (this option is subject to VPN activation). | |
Read Remote Files | Allows you to read files from the remote system through the Explorer section in the Interactive Access Tool. | |
Write Remote Files | Allows you to write files to the remote systems through the Explorer section in the Interactive Access Tool. | |
Chat | Allows the use of the chat through the Remote Desktop section in the Interactive Access Tool. | |
System and Processes | Allows you to access the remote processes viewer and possibly restart them as needed through the End process button in the Interactive Access Tool. | |
NOTE:
See Interactive Access for further information on this Tool.
NOTE:
While an administrator profile is granted with
Access User Accounts
and Manage Users Accounts
permissions, it is not allowed to change or remove user permissions.
NOTE:
Users who own the
Manage Users Accounts
permission can change the password of other users through the section.Provide Feedback