delta v course 7009-11

FISHER-ROSEMOUNT SYSTEMS DeltaV SecurityCourse 7009 -- Rev 3 - 4/15/0111-1

TM

DeltaV Security


ObjectivesUpon completion of this module you will be able to define

Parameter security Field security Function security Users Groups Locks Environmental Protection Flexlock Application Export database


DeltaV Locks & Keys

Through the use of Locks & Keys, the DeltaV System provides security mechanisms at the parameter, fieldand function level.


Control lock assigned to parameters that an operator needs to write to or modify in order to control the process

Example: MODE, SP, OUT

Restricted Control lock assigned to parameters or fields that supervisors and engineers might use to configure the process

Example: BKCAL_IN, FF_ENABLE, RESTART_ENABLE

Tuning lock assigned that maintenance tech and supervisors use to tune the performance of the process

Example: GAIN, RESET, HI_LIM

DeltaV Locks & Keys


System Records lock assigned that affect the records kept by the system

Example: ENAB

Diagnostic lock assigned to parameters and fields that affect diagnostic information maintained by the system

System Maintenance lock assigned that would affect control system operation

User Lock 1 through 10 locks that can be assigned to parameters and fields that allow customized security schemes to be implemented

Batch Operate lock assigned that will allow a user with this key to operate the DeltaV batch subsystem.

DeltaV Locks & Keys


Build Recipe lock assigned that will allow a user with this key to use the Recipe Studio.

Can Calibrate lock assigned that would allow a user with this key to use the AMS device configuration and calibration features.

Can Configure lock assigned that would allow a user with this key to change the configuration database.

Can Download lock assigned that would allow a user to download configurations to nodes in the control network.

System Admin lock assigned that would allow a user with the key to access the database administration tools to create, copy and rename databases.

DeltaV Locks & Keys


Parameter Security

Access the DeltaV Parameter Security Properties dialog box from DeltaV Explorer by selecting:

System Configuration Setup Security Parameter Security Properties


Parameter Security

Writable parameters have locks assigned to them. The Properties dialog box, shown above, permits you to change the lock assignments.


Access the DeltaV Field Security Properties dialog box from the DeltaV Explorer by selecting:

System Configuration Setup Security Field Security Properties

Field Security


Field Security

Writable fields have locks assigned to them. The Properties dialog box, shown above, permits you to change the lock assignments.


Access the DeltaV Function Security Properties dialog box from the DeltaV Explorer by selecting:

System Configuration Setup Security Function Security Properties

Function Security


Function Security

Variouswritable function have locks assigned to them. The Properties dialog box, shown above, permits you to change the lock assignments.


User Manager

Access the DeltaV User Manager form from the DeltaV Explorer by selecting the Lock Key button. The DeltaV User Manager dialog bog appears.


User Manager

The DeltaV User Manager dialog box, shown above, allows you to ADD or DELETE user and group.


User Properties

Access the DeltaV General User properties form by clicking the right mouse button in a blank area of the Users Window and selecting New from the pull down menu. The New User form appears with the General tab selected.


User Properties

Use the General tab, shown on the New User dialog box above, to ADD and IDENTIFY a user.

Note: Press the Help button for detail information on specific fields.


Advanced User

Access the Advanced User form by selecting the Advanced tab from the New User dialog box.


Advanced User

Use the Advanced tab, shown on the New User dialog box above, to change the USER ACCOUNT and PASSWORD STATUS.



User Groups

Access the Groups form by selecting the Groups tab from the New User dialog box.


User Groups

Use the Groups tab, shown on the New User dialog box above, to modify the groups to which a user belongs.



User Keys

Access the Keys form by selecting the Keys tab from the New User dialog box.


User Keys

Use the Keys tab, shown on the Properties For User dialog box above, to grant keys to, or remove keys from, a user account.



Group Properties

Access the DeltaV Properties for Group: Operate form by double clicking a Group in the Groups window. The form appears with the General tab selected.


Group Properties

Use the Properties for Group dialog box, shown above, to ADD or MODIFY a group.

Use the General tab to name and describe a user group.



Group Members

Access the Members form by selecting the Members tab from the Properties for Group dialog box.


Group Members

Use the Members tab, shown on the Properties for Group dialog box above, to modify a user group by ADDING or DELETING members.



Group Keys

Access the Keys form by selecting the Keys tab from the Properties for Groupdialog box.


Group Keys

Use the Keys tab, shown on the Properties for Group dialog box above, to grant keys to, or remove keys from, the group currently being created or modified.



Environment Protection / Flexlock

The FlexLock provides a secure operating environment by limiting desktop access to those users with the required privileges for that desktop. The DeltaV FlexLock application opens when a user logs on to DeltaV.

FlexLock available desktops are the NT and DeltaV desktops.

A user with an Account Type of NT Desktop Access has access to the NT and DeltaV desktops.

A user who does not have NT Desktop Access is limited to the DeltaV desktop.

The NT desktop access includes all the DeltaV programs as well as all programs available in Windows NT.

The DeltaV desktop limits the user to the DeltaV Operate and its associated program. To secure your operating environment, consider giving operators access to the DeltaV desktop only and configuration engineers access to both the DeltaV and NT desktops.


When a user logs off, the next user to log on sees the FlexLock application with the DeltaV Desktop button active. This indicates that the current user has been switched to the DeltaV desktop.

All users without NT Desktop Access who attempt to switch to the NT Desktop receive a message indicating that they lack the proper privileges and are prompted to enter an administrator name and password. If they enter the proper administrator password, FlexLock switches them to the NT desktop.

If you exit the FlexLock application from the NT desktop, click

Start DeltaV Engineering FlexLockto return to the DeltaV desktop.

Important: You cannot exit the FlexLock application from the DeltaV desktop.

Environment Protection / Flexlock


Workshop - Defining Users

This workshop requires you to perform the following tasks:

Task 1. Create a User with OPERATE privilege with area restrictions.

Task 2. Create a User with TUNE privilege.

Task 3. Download and verify.



Step 1. Create a User with OPERATE privilege and the following characteristics:

Name OperatorAFull Name Alpha OperatorPassword operatoraPrivileges OPERATE privileges only for PLANT_AREA_A

Step 2. Create a User with TUNE privilege and the following characteristics:

Name Supervisor1Full Name Sarge SupervisorPassword supervisor1Privileges Sitewide TUNE privileges and download capability



Step 3. Download the Workstation.

Step 4. Verify by logging all the way out to the NT Log In

a. Close all applications

b. Start Shut Down Close all programs and log on as a different userStep 5. Verify each new users functionality.

Note: If a user does not have NT Desktop Access, press the keys before selecting the Log Off button.


This workshop requires you to Export the configuration database and copy the operator displays to a 3.5-inch disk in the following manner:

Step 1. From the DeltaV Explorer select Physical Network.

Step 2. Right click and select Export.

Workshop - Export


Workshop - ExportStep 3. Select the A: drive as the destination, thereby Exporting the

Physical Network. Click on Save.


Workshop - ExportStep 4. Export Control Strategies. Select the A: drive as the destination, thereby

Exporting the Control Strategies. Click on Save.


Workshop - ExportStep 5. Export Named Sets NS-T101. Select the A: drive as the destination,

thereby NS-T101. Click on Save.


Workshop - ExportStep 6. Export Named Sets phase_failures. Select the A: drive as the destination,

thereby phase_failures. Click on Save.


Workshop - ExportStep 7. Launch Windows NT Explorer by selecting

Start Programs Windows NT Explorer


Workshop - ExportStep 8. Copy the Ovw_ref.grf, Tank101.grf, and Tank201.grf files to

the A: drive from the NT Explorer.

DeltaV\DVData\Graphics-iFIX\Pic

Step 9. Remove your floppy disk from drive and take it home with you.

delta v course 7009-11

Documents