In this section of the lab you will secure FactoryTalk AssetCentre assets and features.
Launching FactoryTalk AssetCentre
In this section you will launch the FactoryTalk AssetCentre Client, if it’s not already open.
1. From the Start menu select Programs → Rockwell Software → FactoryTalk AssetCentre Client → FactoryTalk AssetCentre Client. You can also double-click the FactoryTalk AssetCentre Client icon on the desktop:
After a few seconds, you should see a software interface that looks similar to this:
Creating new Users and Groups
To secure our FactoryTalk AssetCentre asset view and features, we will first need to create new users and groups for our Packaging and Process Areas. Users and groups are administered in the FactoryTalk Administration Console.
1. Open FactoryTalk Administration Console from the shortcut on the desktop
2. Select the Network FactoryTalk Directory and click OK.
After a few seconds you will see the FactoryTalk Administration Console
3. Expand the Users and Groups, then expand Users then expand User Groups
4. With the User Groups folder selected, right click and select New → User Group
5. Enter Process Area for the Name, then click Add
6. If we had a user already created that was appropriate, we could assign them to the Process Area. Instead, we are going to create a new user called John. Select Show users only for the Filter Users, then click Create New and select User . . .
7. Enter John for the User Name, as well as for the password. Click OK to continue.
8. Select John in the list and then click OK
9. John has been added to the Process Area group. If you like, repeat step 7 – 9 to create additional Process Area users.
10. Click OK to the new User Group dialog with our assigned Users
Next, we are going to create a new User Group called Packaging Area and create a new user call Bob to assign to this new group.
11. With the User Groups folder selected, right click and select New → User Group
12. Enter Packaging Area for the Name, then click Add
13. Again, at this point, if we had a user already created that was appropriate, we could assign them to the Packaging Area, however we are going to create a new user called Bob. Select Show users only for the Filter Users and then click Create New and select User . . .
14. Enter Bob for the User Name, for the password, and click OK.
15. Select Bob in the list and then click OK
16. Bob has been added to the Packaging Area group. If you like, repeat step 12 – 16 to create additional Packaging Area users.
17. Click OK to the new User Group dialog with our assigned Users
Our FactoryTalk Administration Console explorer should look similar to this (Next Page):
Securing AssetCentre functions (Design Mode)
Now that we have our Process Area and Packaging Area Users Group and Users created, we are going to restrict these groups from entering into Design Mode within AssetCentre.
1. Expand the Policies folder
2. Expand the Product Policies folder
3. Expand the FactoryTalk AssetCentre product policies folder and double click on the Feature Security item
4. Navigate to the Switch to Design Mode polices and click the Configure Security button.
5. Click the Add button
6. Select Packaging Area and click OK
7. Again, Click the Add button
8. Select Process Area and click OK
9. Since we don’t want the Packaging or Process Area groups to have the ability to Switch to Design mode click the Deny checkbox for both.
10. Click OK to the Configure Securable Action dialog.
11. Click OK to the Feature Security Properties dialog.
12. Close the FactoryTalk Administration Console
We will verify that the Design Mode is not available for either of these two groups in the Exercise Security Configuration section.
Securing the FactoryTalk AssetCentre Asset Tree
You will now configure security to prevent the two groups (Process and Packaging Area’s) from viewing each other’s assets or areas.
1. Within the AssetCentre client, navigate to the Packaging Area as this will be our first Area we are going to secure.
Click the Deny checkbox to prevent groups or user from entering Design mode
2. Enter design mode by clicking the Design button
3. Next, click the “Configure Security for the Selected Asset” button. The following is now displayed:
4. Click the Add button
5. Select the Process Area group and click OK.
6. Expand out the Common Permissions, navigate to List Children.
7. Check the Deny for List Children AND Read permissions, click OK.
Note: This will prevent any user associated to the Process Area user group to view the Packaging Area contents. The Read permission is for Packaging Area folder itself, and the List Children is for any content within the Packaging Area.
8. Click Yes to the Security Settings dialog.
9. Next, navigate to the Process Area as this will be our other Area we are going to secure.
10. Next, click the “Configure Security for the Selected Asset” button.
11. Click the Add button
12. Select the Packaging Area group and click OK.
13. With the Packaging Area group selected, Expand out the Common Permissions, navigate to List Children.
14. Check the Deny for List Children AND Read permissions, click OK
15. Click Yes to the Security Settings dialog.
16. Exit design mode by clicking the Design button.
Exercise Security Configuration
In this section of the lab we are going to confirm that you have performed the security configuration correctly.
1. Within AssetCentre, click File and then Log Off.
Notice, with no user log in the FactoryTalk AssetCentre client is blank.
2. To Log back in, click File and then Log On
3. We will first log in as John our Process Area user. Enter John for the user name and password and then click OK to Log In.
4. The FactoryTalk AssetCentre client opens; notice that only the Process Area is available for John. In addition, notice that the Design Button is grayed, meaning that it’s not available.
5. To verify that Bob can only see the Packaging Area, Log off and Log back into AssetCentre as Bob. Click File and then Log Off.
6. Log In by clicking File and then Log In.
7. Enter Bob for the user name and password, and then click OK to Log In.
8. Notice that only the Packaging Area is available to Bob, and again, the design mode button is grayed.