EnglishУкраїнськаРocсийский
Login/New
Topic with no new replies

Users and Sessions


Author Message
Written on: 23. 08. 2017 [19:26]
Unaie
Unai Ezta
Topic creator
registered since: 30.06.2009
Posts: 42

I have two users:

ROOT belonging to all groups.
USER belonging to groups UI,UIC,Users.

Operation User Interface (QT) is launched by USER automatically.

Project has permissions:

Owner and Group: ROOT UIC
View Control / View Control / View


When you login in Operation user interface (WEB) as user: USER, you can connect to current session (QT), but it is not allowed to create a new one. (ROOT is able to create a new one)

What I want is that via WEB the user always has to create a new session, and never to connect the existing QT session.

Do I have to create different users for remote WEB access to avoid connections to QT Session?

Another question, how can I disable via WEB for an user these options:

 System configurator (WEB)
 Web interface from user
 Dynamic WEB configurator


Written on: 23. 08. 2017 [22:06]
roman
Roman Savochenko
Moderator
Contributor
Developer
registered since: 12.12.2007
Posts: 3303
"Unaie" wrote:

I have two users:
ROOT belonging to all groups.

There enough belonging to the group "root".

"Unaie" wrote:

When you login in Operation user interface (WEB) as user: USER, you can connect to current session (QT), but it is not allowed to create a new one. (ROOT is able to create a new one)

No, contrariwise. You cannot to connect to actual Qt session but it's from different user and USER isn't ROOT, see to Demo. Only ROOT can connect to sessions from different users!

"Unaie" wrote:

Another question, how can I disable via WEB for an user these options:
 System configurator (WEB)
 Web interface from user
 Dynamic WEB configurator

You can their disable only by client's IP or commonly but in time of the main page opening there unknowns any user yet!

Learn, learn and learn better than work, work and work.
Written on: 23. 08. 2017 [23:15]
Unaie
Unai Ezta
Topic creator
registered since: 30.06.2009
Posts: 42
"roman" wrote:

No, contrariwise. You cannot to connect to actual Qt session but it's from different user and USER isn't ROOT, see to Demo. Only ROOT can connect to sessions from different users!


OK, but USER launches QT GUI. So when USER logins via WEB, a previous session is open for that user, and he cannot create a new one to avoid interference with local SCADA. In old versions there was not this problem.

So, I think I have to create 2 users, USER_QT and USER_WEB. USER_QT opens QT Session, and USER_WEB has to create a new session. Am I Right?

"Roman" wrote:

You can their disable only by client's IP or commonly but in time of the main page opening there unknowns any user yet!


Correct. But I see that logged users, as USER, belonging to groups UI,UIC and Users can access via WEB to configuration options. Is there any of these groups giving configuring privileges?


[This article was edited 1 times, at last 23.08.2017 at 23:16.]
Written on: 24. 08. 2017 [07:33]
roman
Roman Savochenko
Moderator
Contributor
Developer
registered since: 12.12.2007
Posts: 3303
"Unaie" wrote:

"roman" wrote:

No, contrariwise. You cannot to connect to actual Qt session but it's from different user and USER isn't ROOT, see to Demo. Only ROOT can connect to sessions from different users!


OK, but USER launches QT GUI. So when USER logins via WEB, a previous session is open for that user, and he cannot create a new one to avoid interference with local SCADA. In old versions there was not this problem.

So, I think I have to create 2 users, USER_QT and USER_WEB. USER_QT opens QT Session, and USER_WEB has to create a new session. Am I Right?

Right, the generic users must be different ones anyway.

"Unaie" wrote:

"Roman" wrote:

You can their disable only by client's IP or commonly but in time of the main page opening there unknowns any user yet!

Correct. But I see that logged users, as USER, belonging to groups UI,UIC and Users can access via WEB to configuration options. Is there any of these groups giving configuring privileges?

Where? Can you do here http://oscada.org:10002/WebCfgD/ anything?
For external and runtime users you also must create and use exclusively new, not system, groups. But UI is one!

Learn, learn and learn better than work, work and work.



2105