Security for Output Tags

All tags that allow operators to write to a device must provide the option of being secured by a custom privilege.

This can be implemented as follows:

Create a parameter named SecurityBit:

SecurityBit    <:TagField("SQL_VARCHAR(255)", "Security Bit",   10):>

In the refresh module, ensure that this contains the correct data type:

SecurityBit = Cast(SecurityBit, 1 { Short });

And in the configuration panel, use the PSecBit function to allow the user to select from the existing custom privileges.

{***** Security bit *****}
GUITransform(30, 180 { btm at 125 }, 470, 80,
      1, 1, 1, 1, 1            { No scaling                     },
      0, 0, 1, 0               { No movement; visible; reserved },
      0, 0, 0                  { Not selectable                 },
      \DialogLibrary.PSecBit(\#SecurityBit, \GetPhrase("SecurityBitLabel"), 1 { ID }));

Each output widget will test the SecurityBit of the attached tag against the logged-in operator's privileges before performing a write.

 

If you have created your own output widgets for your custom tags, you must include code to check the security privilege. For example:

   IfThen ( !Editing && \OkToWrite(\SecurityBit, 1),

The value of \SecurityBit comes from the tag instance attached to the widget. The call to \OkToWrite() compares the signed in user's assigned security privileges with the SecurityBit and returns TRUE or FALSE. It is then the job of the code within your widget to allow the write to proceed or not.