Issue
Allowing write access from BACnet
Product Line
TAC IA Series
Environment
I/A Series G3 BACnet Integration
Cause
By default, the BACnet driver provides external BACnet (client) devices "read access" to all exposed (exported to BACnet) objects in the station. Access depends on a station user named "BACnet." If this user does not already exist in the station, the Bacnet driver automatically creates it, upon startup. The BACnet user is initially created without any permissions.
Resolution
See below which is extracted from the Niagara Ax BACnet Guide:
To allow any external writes (from BACnet) to properties of exported components, including invoking commands (actions), you must assign the BACnet user the necessary permissions to those components.
For example, to allow an invoked "Active" action from BACnet to an exported BooleanWritable, in addition to making it "BACnet Writable" at priority level 8 when exporting, you must configure the station’s BACnet user to have operator write permissions on that BooleanWritable, at a minimum. Or, if an exported NumericWritable has an alarm extension, and you want to permit external BACnet writes to its "alarm limit" values, configure the BACnet user to have admin write permissions on the exported NumericWritable.
In either example, to allow an external BACnet write to a property like "Out Of Service" or "Notify Type," you must give the BACnet user admin write permissions on the BACnet export descriptors. For details about station user security, see "About Security" in the User Guide.
Note: BACnet user permissions also apply to writes of any exported files and histories. Also, note that while a password for the BACnet user is technically not needed (for external BACnet access), you should assign one anyway, because of the write permissions typically assigned. Make it a "non-blank" password, and guard this password carefully.
