A local user logged in to an AS-P can access the system folder in the ES which the AS-P is connected to

Notifications

Building Automation Knowledge Base

Schneider Electric Building Automation Knowledge Base is a self-service resource to answer all your questions about EcoStruxure Building suite, Andover Continuum, Satchwell, TAC…

Invite a Co-worker

Send a co-worker an invite to the portal.Just enter their email address and we'll connect them to register. After joining, they will belong to the same company.

Send Invite Cancel

Related Forums

Intelligent Devices Forum

Previous Next

Invite a Colleague

Found this content useful? Share it with a Colleague!

Invite a Colleague

Back to Building Automation Knowledge Base

566 Views

Link copied. Please paste this link to share this article on your social media post.

Trying to translate this page to your language?

Select your language from the translate dropdown in the upper right.

Translate to: English

Issue

When a local user belonging to the administrator group on an AS-P is logged in to the AS-P using Workstation the user can for example via a Link in a graphic access the system folder in the ES the AS-P is connected to. The local user in the AS-P can even change the admin password on the ES.

How can this be avoided?

Product Line

EcoStruxure Building Operation

Environment

Building Operation Automation Server
Building Operation Enterprise Server

Cause

In EBO v3.2.1 and later versions, it is possible to restrict access of the logged-in user to only the server that they are logged into, i.e. it is possible to prevent access to the ES\Servers folder when logged directly into an AS-P that is a sub server of the ES, thus preventing access to the whole system.

Resolution

In the ES Control Panel open Security Settings:

Mark the option "Restrict root permission to logged in server"

To The Top!

A local user logged in to an AS-P can access the system folder in the ES which the AS-P is connected to

Related Forums

Intelligent Devices Forum