Relevant only on workstations whereReadOnlyStation is set. Does not apply otherwise. A full discussion is provided in the topic, Read-Only Workstation.
The default system privilege mask for a read-only workstation does not grant the configuration privilege or the edit files privilege. If you configure the workstation you are using to be read-only, you will have no means to do further configuration at that workstation, or even to reverse that change. Your only recourse will be to move to another workstation on your system and use the Version Control system to reverse the change.
*******************************************************
*** DEFINING A WORKSTATION TO BE READ-ONLY ***
*** IS BEST DONE FROM ANOTHER WORKSTATION. ***
*******************************************************
(A remote connection using a VIC or Anywhere client does not count as working at another workstation. Do not proceed unless your application has a Client / Server Configuration)
This is a bitwise value that controls which system privileges are enabled at a read-only workstation. The privileges assigned to the operator will also apply. For a privilege to be accessible, it must be enabled for the operator as well as the workstation. This mask does not grant privileges to those who do not otherwise possess them. See also: StationMaskApp
StationMaskSys can be set in different layers of VTScada. The privileges of each layer will inherit the privileges of the parent layer before it. Privileges enabled or disabled at the VTS Library layer will be overwritten by privileges at the OEM layer and the result will be overwritten again at the Application layer.
In the following example, the bitwise value has been shortened to 8 bits for the sake of brevity.
If StationMaskSys is set to 11111111 at the VTS Library layer, 0000 at the OEM layer and 11 at the Application layer...
Then the value at the OEM layer will become 11110000 (taking the VTS Library layer and adulterating it with the OEM layer value) and....
Then the value at the Application layer will become 11110011 (taking the OEM layer value and adulterating it with the Application layer value).
Leaving the StationMaskSys set to Default
While there is a default value for this property, it will not be visible in your Application Configuration dialog.
The default is copied below for your convenience and can be used as a starting point when defining your own StationMaskSys. A comment is provided above the value to help you count the bits from right to left.
Section: <SecurityManager-Admin> ; 60 50 40 30 20 10 ; 0987654321098765432109876543210987654321098765432109876543210
StationMaskSys = 0000011010010100110000100001010000000100000000000101000000100
The default value permits only the following privileges. The signed on operator must also posses these privileges, because setting a privilege in the station mask does not grant that privilege to any operator who has not already been granted it.
(The following refers to the default value, as shown in the example.)
2 - Account Modify
9 - Application Stop
11 - Tag Parameter View
23 - Thin Client Access
31 - Alarm Page Access
33 - History Page Access
38 - Page Note Hide
43 - Sites Page Access
44 - Maps Page Access
49 - Global Tag & Area Filter
52 - Recipe Page Access
54 - Remote Tag Value/History Retrieve
55 - Service Page Access
As new privileges become available, their default value will be provided.
Setting customized privileges with StationMaskSys
When setting a custom StationMaskSys value be aware that any missing bits will be padded on the end with a 1, enabling those privileges.
As new privileges are added the bitwise length will inevitability change. If your custom StationMaskSys value is shorter than the new default, the missing bits will default as enabled until the value is updated. No matter what the default value of the new privilege is in a default StationMaskSys, it will be enabled in an unchanged custom StationMaskSys value.
|
Bit Number |
System Privilege |
|---|---|
|
0 |
Configure |
|
1 |
Account View |
|
2 |
Account Modify |
|
3 |
Accounts Manager |
|
4 |
Security Administrator |
|
5 |
Alarm Disable |
|
6 |
Manual Data |
|
7 |
Questionable |
|
8 |
Alarm Acknowledge |
|
9 |
Application Stop |
|
11 |
Tag Parameter View |
|
14 |
Edit Files |
|
15 |
Deploy Changes |
|
16 |
Revert Changes |
|
17 |
Page Add |
|
18 |
Page Modify |
|
19 |
Page Delete |
|
20 |
Tag Add/Copy |
|
21 |
Tag Modify |
|
22 |
Tag Delete |
|
23 |
Thin Client Access |
|
24 |
Alarm Mute |
|
25 |
Alarm Silence |
|
26 |
Group Modify |
|
27 |
Group Save |
|
28 |
Group Delete |
|
29 |
Pen Modify |
|
30 |
Note Add |
|
31 |
Alarm Page Access |
|
32 |
Reports Page Access |
|
33 |
History Page Access |
|
34 |
Deprecated |
|
35 |
Thin Client Monitor Access |
|
36 |
Thin Client Monitor Admin |
|
37 |
Page Note Edit |
|
38 |
Page Note Hide |
|
39 |
Advanced Version Control |
|
40 |
Application Manager View |
| 41 | Manage Tag Types |
| 42 | Alarm Shelve |
| 43 | Sites Page Access |
| 44 | Maps Page Access |
| 45 | Operator Notes Page Access |
| 46 | Edit Data |
| 47 | Remote Data Access |
| 48 | Control Outputs |
| 49 | Global Tag & Area Filter |
| 50 | Change recipes |
| 51 | Start recipe batches |
| 52 | Open the Recipe & Batch Management Page |
| 53 | Edit contacts in Roster tags. |
| 54 | Restricts access to the main History table when making remote queries. (Access to defined SQL Views can permitted on a tag-by-tag basis.) |
| 55 | User may access the Services page |
| 56 | User may force a service to change servers |
| 57 | User can create Control Locks and can remove Control Locks over which the user has "ownership" |
| 58 | User can remove any Control Lock |
| 59 | |
| 60 | Able to release a control token from any tag. |
