0:05
Good morning everyone, thank you for joining us on this webinar on implementing user security with micro OCS units. The presentations are roughly about 20 minutes.
0:14
If you have any questions you can put them in and we’ll get them at the end. Hello and welcome to today’s webinar.
0:20
Today we will look at implementing user security in the Micro OCS. Let’s look at our agenda for today.
0:27
We are going to start out by answering the question, what do we mean by user security?
0:32
Then we will talk about how user security is handled in the XL Prime and Canvas, which have a canned user security feature.
0:41
And then we are going to show you an example approach of how you can build your own user security functionality in the Micro OCS that approximates a fair amount of the functionality that is built into XL Prime and Canvas.
0:55
There will be demonstrations throughout and we will finish with a Q&A session.
0:59
So, what do we mean by user security?
1:02
Well, user security is a process of controlling access to certain machine operations to authorized personnel only.
1:10
In other words, if there is a certain function that needs to be performed by the operator and you want to make sure that it is an authorized and trained operator that is performing that function.
1:22
So, in practice, how would you keep an operator from performing an unauthorized function?
1:28
One way would be to prevent them from accessing a screen from which that function is performed.
1:35
Another way would be to allow them access to the screen but prevent them from pressing the button that would make the adjustments to the machine that they do not know how to do.
1:45
Maybe search the machine if they really should not be doing that.
1:48
Now the way that an operator would prove their credentials would be to either enter in a password or enter in a username and a password, and at that point the OCS would know that this particular operator, or at least the one that entered the password or has this set of credentials, should be able to switch their screen or should be able to press the push button and cause this action to occur.
2:13
The XL Prime and Canvas OCS have a canned user security capability built into them.
2:20
If you are using Cscape 10, you can access this from the user interface tab.
2:25
Then by pressing the user selection from the system setting.
2:29
If you are using Cscape 9.9 you can access user security configuration.
2:35
You will just have to go to the graphics editor and then under config select user security configuration.
2:42
Let’s go through an example of how in the XL Prime or the Canvas you might protect access to a particular screen.
2:49
That would be one way you could keep operators from doing something they should not.
2:54
So the first step in the process is to create a username and a password combination that has a corresponding access level. Now what is an access level?
3:04
There are eight potential different levels of access where zero is the lowest level and seven is the highest level and you can set those levels the way you want.
3:14
If you only need a couple different access levels for a project you can set it up that way. If you want to take advantage of all 8 levels you could do that as well, but once you have entered in the username and the password credentials, next you are going to want to place it in an order to protect the screen.
3:32
You are going to want to place a jump button on the screen and then when you configure that jump button you can also configure the screen it jumps to but you are going to press the access button and set the access level for that jump button.
3:47
In our example here, as you can see from step 4, we have set the access level to 2, so what that could mean is that anybody at runtime who presses the button would have an access level of 2 or higher in order for the button to operate, so that is effectively the way you set up Cscape to protect a screen using the user security function.
4:10
Now at runtime, what is going to happen is the operator is going to press the button to attempt to jump the screen and then he will get a pop-up window that will ask for username and password credentials.
4:22
Once he has entered his username and password if the access level assigned to those credentials is high enough the screen switch will occur.
4:31
If the access level is not high enough he will see an access denied message instead.
4:36
So that is the way you can screen access at runtime using the canned security feature in XL Prime and Canvas. However that security feature can do much more than that.
4:48
It can also be used to protect any object that has an action to it, whether that be a jump button like we have just described or maybe a push button or maybe an editable numeric data field which might be used in a particular application.
5:03
Let’s say to adjust the set point on the machine.
5:05
You do not want everybody necessarily to be able to do that so by setting an access level to that particular editable data field that might make some sense in your application and then there are some other things you can do with the user security feature and that is you can continuously monitor and record the operators that are logging in and logging out.
5:27
You can set automatic time out so that if a user does not press the screen for a set amount of time he is automatically logged out.
5:36
The other thing that is possible if you have a particular need to change a password or to change a username you have the ability with this canned feature to be able to make those changes on the fly by assigning variables to those user credentials instead of hard coding them in Cscape.
5:53
There is plenty of security capability in the XL Prime and Canvas.
5:57
Now let’s talk about how we can incorporate some of these security functions into the Micro OCS which does not have a canned user security function and in today’s demonstration we are going to show you how you can build a project that has the ability to provide password entry and an automatic operator logout if there is a level of inactivity.
6:18
We are going to show you how to protect against an operator accessing a certain screen.
6:22
We are also going to show you how to protect against an operator pressing certain buttons and editing numerical data fields if they do not have the security level and the way we are going to accomplish this is by using the password object which we will describe later on in this presentation.
6:40
We are also going to use something called graphic object display attributes along with some logic to make this all happen. Let’s start with the password graphic object.
6:50
The password graphic object is another numerical entry object.
6:54
What is special about this, even though it behaves just like a regular editable numerical entry object assigned to a double integer variable, is that during and after data entry only asterisk characters are shown on the screen. So in other words, while it is in use, while the password is being entered, there is only an asterisk being shown on the screen, so if somebody is peeking over the shoulder of the operator it is difficult for them to steal the password. So that is the password graphics object that we are going to use in our sample project to allow the operator to enter in a Next we are going to protect individual objects and screens by using display attributes capabilities that can be assigned to any graphical object.
7:39
If you are using the Micro OCS and you double click on any graphical object that has an action to it, like a push button or a numerical data field for instance, you will notice that there is an Attributes button available in the dialog box even though there is not an button like you would have for accessing user security in the Canvas and XL Prime.
8:01
By using this attributes button you can go in and configure a couple of the key attributes that are very useful in protecting objects.
8:09
One is the visibility attributes so if you do not want an object to be visible for an unauthorized operator you can use the visibility attributes to dynamically make it invisible.
8:21
There is also an enable attribute that allows you to prevent an operator from pressing a start button, or if they press the start button nothing will happen for instance, or from editing, let’s say, a set point on a numerical data object, so that they press that button and nothing happens. So you can also make an object action or an input, if you want, dynamically enabled or not.
8:45
Now the way you do this is first by going into the attributes section of the dialog box and the specific attributes that you want to make dynamic.
8:55
In our example here we have checked the visibility attribute by making it dynamic and we have not checked the enable input attribute to make it dynamic for this particular object, but you could do either of those or both. Then after deciding which attribute needs to be dynamic, you assign an override variable, which is an integer variable, and then by manipulating the individual bits within that variable you make it dynamic in your application.
9:23
You can make the visibility and the input dynamically enabled or not.
9:28
For our demonstration we are going to start by taking a look at what we have implemented in our example project here.
9:35
So effectively what we have created is four different levels of security.
9:40
We have a not logged in level, a user level, a maintenance level and we have an admin level.
9:45
So we have three different passwords, one password for each of these different levels. With the not logged in level it does not need a password. These are jump buttons that are used from this main screen to navigate.
9:58
So from this main screen we have three different screens created that could be jumped to now. We just chose three for now for illustration purposes.
10:07
Now if you are a user or above you will be able to access this user screen.
10:11
If you are maintenance level or above you can access any of the user screens and any of the maintenance screens and if you are admin level you can access any of these screens.
10:21
And the way we are controlling access is by using the visibility attribute on each of these jump buttons.
10:27
So under attributes here, for this jump button, we have assigned the visibility as a dynamic attribute.
10:34
So if the variable user invisible dot one, which is the first bit of the user invisible variable, if that is on, then this jump button will be visible.
10:43
If that first bit is off, then that will be off and the button will not be visible.
10:48
So that is how we have incorporated that for maintenance screen if you go to attributes and maintenance visibility first bit needs to be on for that to be visible and in the case of admin we have created a variable in our attributes called admin visible and that first bit has to be on for that jump button to be visible.
11:08
Now the other thing we have done here with our scheme is we have added a password button here so this is where the user can enter the password now this does not implement any kind of password.
11:19
It is strictly a password based system so by using this password object there is a variable in our program called password entry and that is a double integer which all password data fields are and that variable will be entered with the password by the operator but while they are entering it they will see nothing but asterisks.
11:39
Now we have also created a logout button that will allow them not only to log in with their password but to log out manually and if they do not hit the logout button, we have incorporated some logic that will automatically log them out after 15 minutes.
11:53
So this is how we have defined the system.
11:56
So when an operator goes to the screen, if they have not logged in, then none of these buttons will be visible because there is not a user, not a maint or an admin logged in.
12:06
Now if they log in as a user, this will be visible.
12:09
If they log in as a maint, these two will be visible.
12:12
If they give a password for the admin all three will be visible and then they will have the ability to jump to the appropriate screens.
12:20
Let’s go to the user screen to show you some other protections that we have done.
12:24
So this is a user screen that either the user the admin or the main category could access and there is a start button a stop button and an indicator light here along with an indicator of the current temperature and the ability to change the temperature set point.
12:40
We have set this up so nobody could start or stop the machine or see that the process is running.
12:46
That is because we have not done anything to our attributes to change from the defaults.
12:51
So nobody can access this particular button similar to the monitor.
12:55
The current temperature nobody can see the current temperatures.
12:58
You can see by the fact there is no dotted X on here.
13:01
There are no visibility attributes or anything else that is dynamic.
13:05
So nobody could see the current temperature.
13:07
However, from the standpoint of changing the temperature setpoint, we have protected that.
13:12
So if we go to the attributes area on this object, you can see that our enable bit is dynamic.
13:18
That is the fourth bit here.
13:20
So we have assigned an integer variable called entry and that is the fourth bit of the entry.
13:26
And if the fourth bit of the entry is on, then whoever is viewing the screen will have the ability to change the temperature setpoint.
13:33
If that particular bit is off then this essentially becomes an object where pressing it does nothing.
13:38
They will be able to see what the current temperature set point is but they will not be able to change it.
13:44
So that is how we have configured some of the security features on the screens in this demonstration.
13:49
So here is our application that is running and you can see that there are no jump buttons in that center section of our screen navigation and that is because nobody is currently logged in.
14:00
At the bottom you can see that the user main and admin are all just LEDs that are not filled in so there is no current access level.
14:08
Also you can see that the yellow indicator that shows the logout time is at zero so that means whoever has previously logged in is now fully logged out.
14:17
So our first step is to enter our password.
14:20
Now these passwords have been set to very simple default values which can be changed, so let’s enter in a password.
14:28
We are going to enter in the user level password, and when we do, the jump button for the user screen pops up, and notice that we now have a logout time counting down from 15 minutes and the user level LED has been lit up. So if we do nothing for the next 15 minutes it is automatically going to log us out, but if we want to go to the user screen right now we can, so let’s do that. We can see what the current temperature value is. We can also see what the current temperature set point is, but we do not have the ability to change that set point. That is because we are logged in as an operator and the operator does not have the ability to change the temperature set point, because the attributes that control that entry for that object have been set to do not allow because of the access level.
15:16
However, as an operator, we could stop the process right now.
15:20
We could even start it up again because those particular objects that have actions have not been protected.
15:27
Let’s go back to the main screen and now log in as an admin, so first we are going to log out, and then we are going to log in as an admin.
15:35
And you can see, because we logged in as admin, all three levels are available to us.
15:40
So if we go back to the user screen, now you can see we do have the ability to make a change to that set point, and we do have the ability to stop and start the process.
15:50
We also have the ability to go to maintenance.
15:52
There is nothing on the maintenance screen right now, and we can go to the admin now.
15:56
One of the functions we have built into this program is the ability for different passwords for different levels to be changed by an admin, so you can periodically change these passwords to prevent you from having to fire up Cscape just to change a password.
16:12
Also we have made the logout time more adjustable which is currently at 15 minutes or 900 seconds but we could adjust that if we wanted to if we are admin.
16:22
Now you will notice every time we touch the screen the logout time resets, but what we are looking for to automatically log out an operator is 15 minutes of inactivity, which means 15 minutes of not touching the screen, but we can also log someone out by pressing the button.
16:38
Now we are back in Cscape and we are going to show you some of the logic that we have also created here that goes along with the screens that we have created to provide this user access capability.
16:50
The first thing we have here is a series of rungs which make sure that there is a default user password in the system. By default the user password, maintenance password, admin password and login preset values are at zero and that is not what we want. We want to make sure that there is at least a default value in there for those, so that is what those first few rungs do on the first scan: they make sure we have got a reasonable value here.
17:18
Next what we are going to do is look for a password entry variable. That one is edited through the password object, so if somebody has entered in a non-zero value we are going to set a one shot coil to test that password and see if it matches the user password, the maintenance password or the admin password, and if it does then we are going to set our user level, maint level and admin level coils to the appropriate values based on the access level. Then once we have checked that password against the possible levels we are going to clear out the password entry variable. So it is normally sitting there at zero unless somebody has entered in a value.
17:58
Now once we have tested it to see if the password is valid or not or if a valid user level, maintenance level or admin level have not been entered then we are going to turn on a bit here which displays on the screen a dynamically visible text object which says invalid password.
18:16
Now we talked about having automatic logout so here is the logic for this.
18:20
So what that says is if we are currently logged in at any level we are going to have a 15 minute timer by default you can change it up or down and if that timer expires then we are going to turn on a coil that is automatically going to cause a logout and now we have the ability to calculate the remaining time for that timer so we can display that on the screen so the operator can see.
18:45
Now how do we reset that timer back to 15 minutes if there is an activity on the screen?
18:50
Well, we do this using one of the system registers. There is a system register that will show you the x coordinate every time the button is pressed, so as long as there is a non-zero value in the x coordinate it means somebody’s touching the screen. We can also use the y coordinate as well. So if it is non-zero the touch is active, and if the touch is active we are going to reset our automatic logout timer, so that is how the logic works.
19:19
Now if the logout button is pressed or if the logout timer expires on its own we are going to reset the access level so turn off these bits that were set when access level was set after the login.
19:32
We are going to do that and we are going to move back to main screen because if it was protected screen that was being displayed then the logout timer expires.
19:41
We want to make sure we go back to our unprotected screen which is our screen of the screen number one.
19:47
Now down here is the logic that we can use to dynamically manipulate those visible bits and entry enable bits for those objects where we use those dynamic display attributes.
19:58
If we are at any of the levels then any object which is visible for the user should be visible as long as we are logged in any one of these three levels.
20:07
Then we should be able to turn this bit on which should cause the user visible objects to be which in our case is that user screen jump button again.
20:17
If we are logged in at either maintenance or admin we want the maintenance type object to be displayed or visible, and in that case we have said for this particular screen, as long as you are at least a maintenance level operator you will be able to enter in changing set points, so the objects where you have protected data entry will also be enabled if you are at least on the maintenance level. And then if you are on admin level then the admin visible objects, which are the admin screen, will also be visible. So that is the logic and that goes along with the screens that we have created for making this logic all work.
20:54
Let’s go back to our bench and enter in a valid password and see what happens.
20:58
You can see we get a message that says invalid password and then after a few seconds that should go away.
21:05
Let’s try it again.
21:06
This time we have a valid password and our user screen popped up because we are at the user level and we are counting down our logout.
21:15
That concludes our webinar for today. Thank you so much for listening.
21:18
The Q&A session will begin shortly.
21:26
Okay, I didn’t see any questions enduring for that.
21:31
So we are back on next week again with a webinar on custom splash screens.
21:37
So if you have an interest in that, the registration links will be up on the web as usual. Okay, nothing coming in.
21:46
Thank you all very much for joining us and have a good evening.