When a local user belonging to the administrator group on an AS-P is logged in to the AS-P using Workstation the user can for example via a Link in a graphic access the system folder in the ES the AS-P is connected to. The local user in the AS-P can even change the admin password on the ES.
How can this be avoided?
EcoStruxure Building Operation
- Building Operation Automation Server
- Building Operation Enterprise Server
In EBO v3.2.1 and later versions, it is possible to restrict access of the logged-in user to only the server that they are logged into, i.e. it is possible to prevent access to the ES\Servers folder when logged directly into an AS-P that is a sub server of the ES, thus preventing access to the whole system.
In the ES Control Panel open Security Settings:
Mark the option "Restrict root permission to logged in server"