Configure a secondary security authority

Use the
Controller Properties dialog box - Security
 tab to configure a secondary security authority for a project that is already protected by a primary security authority. Configure a secondary security authority to further restrict Guest Users beyond the permissions granted by the primary security authority. A secondary security authority cannot grant permissions that are denied by the primary security authority.
When a project is protected by a primary security authority, this message appears at the top of the
Controller Properties dialog box - Security
 tab for a Guest User:
This project is secured by a Primary Security Authority, limiting permitted actions. Additional security is configured here.
To configure a secondary security authority:
  1. In the
    Controller Organizer
    , select the project name at the top of the pane and select
    Properties
    .
  2. In the
    Controller Properties dialog box
    , select the
    Security
     tab.
  3. In the
    Security Authority
     box, select
    FactoryTalk Security
    .
    1. To associate this project with a specific Security Authority, select the
      Use only the selected Security Authority for Authentication and Authorization
       check box. When this check box is selected, users interacting with this project must be authenticated and authorized by either the primary or the secondary Security Authority.
      IMPORTANT:
      Before associating this project with a specific Security Authority,
      Rockwell Automation
       recommends backing up the
      FactoryTalk Directory
       and save unsecured versions of this project file in (. ACD) or (.L5X or .L5K) formats. For details about backing up a
      FactoryTalk Directory
      , see
      FactoryTalk
       Help:
      Start > Programs > Rockwell Software >
      FactoryTalk
       Tools >
      FactoryTalk
       Help
      .
    TIP:
    The secondary Security Authority can only further deny permissions that are allowed by the cached Guest User permissions. The secondary Security Authority cannot grant permissions that are denied by the cached Guest User permissions.
    When selected for the Secondary Authority, additional Guest User permissions from the Secondary Authority within the project are not cached. Only Guest User permissions from the Primary Authority are stored within the project.
  4. Select
    OK
    .
Provide Feedback
Have questions or feedback about this documentation? Please submit your feedback here.