Domain user permissions

FactoryTalk Remote Access Manager
allows you to define user permissions for devices, groups, and individual user accounts. Devices, groups and user accounts inherit the permissions defined for the folder in which they are stored.
Domain subfolders
are useful for setting up specific access control settings for different business units, regions, or operations as appropriate for your environment. Rules assigned to subfolders and individual devices have priority over rules in the parent folders that contain them.
You can set exceptions in a user's permissions settings, even if the user  belongs to a group with pre-defined settings.
  1. In
    FactoryTalk Remote Access Manager
    select
    Explorer
    Domain view
    Permissions
    .
  2. In the left pane, select the folder or device for which you wish to set user permissions, then access the
    Permissions
    section in the right pane.
  3. If the user for which you would like to set permissions is not listed in the
    Permissions
    section, add it by clicking the circled plus icon at the top right of the pane.
  4. Select the user or group and expand the
    Permission operations
    section.
  5. Allow or deny permissions, as needed.
The following table shows the domain user permissions available. Each permission includes a set of granular permissions that can be allowed or denied.
Administration
Allows you to manage operations related to the domain organization in terms of folders and access control.
Access User Accounts
Allows access to user profiles that are defined within folder paths and sub-paths for which the permission is given.
Manage User Accounts
Allows permission assignments and creation, editing and deletion of user accounts.
Manage Folders
Allows you to create, edit, move, and remove folders.
View Connection Audit
Allows access to the connections log.
View Operations Audit
Allows access to the administration log.
Network Security
Allows you to manage the firewall configuration.
Device Installer
Allows you to manage devices within a specific domain.
Interactive Access
Allows you to interact with the remote device as a viewer and/or with read and write rights.
View the Desktop
Allows the
Remote Desktop
view only, whereas interaction is not allowed.
Interact with the Desktop
Allows full
Remote Desktop
interaction.
Network Access (VPN)
Allows VPN activation and subnetwork access. The subnetwork access can be filtered by applying firewall policies.
Passthrough (Serial + USB)
Allows to use a serial pass-through function (this option is subject to VPN activation).
Read Remote Files
Allows you to read files from the remote system through the
Explorer
section in the
Interactive Access
Tool.
Write Remote Files
Allows you to write files to the remote systems through the
Explorer
section in the
Interactive Access
Tool.
Chat
Allows the use of the chat through the
Remote Desktop
section in the
Interactive Access
Tool.
System and Processes
Allows you to access the remote processes viewer and possibly restart them as needed through the
End process
button in the
Interactive Access
Tool.
NOTE: See Interactive Access for further information on this Tool.
NOTE:
While an administrator profile is granted with
Access User Accounts
and
Manage Users Accounts
permissions, it is not allowed to change or remove user permissions.
NOTE: Users who own the
Manage Users Accounts
permission can change the password of other users through the
Explorer
Domain view
section.
Provide Feedback
Have questions or feedback about this documentation? Please submit your feedback here.