For administrators - how to determine what permissions are applied to groups and objects
EcoStruxure Geo SCADA Expert Forum
Schneider Electric support forum about installation, configuration, integration and troubleshooting of EcoStruxure Geo SCADA Expert (ClearSCADA, ViewX, WebX).
Send a co-worker an invite to the portal.Just enter their email address and we'll connect them to register. After joining, they will belong to the same company.
You have entered an invalid email address. Please re-enter the email address.
This co-worker has already been invited to the Exchange portal. Please invite another co-worker.
Please enter email address
Send InviteCancel
Invitation Sent
Your invitation was sent.Thanks for sharing Exchange with your co-worker.
Link copied. Please paste this link to share this article on your social media post.
Posted: 2022-10-1402:47 AM. Last Modified: 2023-05-0211:51 PM
For administrators - how to determine what permissions are applied to groups and objects
Q - Is there any way to see how the security permissions propagate down the hierarchy? Basically be able to see how the objects security is implemented as either parent (then which parent) or if individual (then stated as individual).
A - Yes. There is a database column "ACLInherited" which tells you if the object/group has got the ‘Inherited’ checkbox enabled (i.e. has no custom permissions at that level) or, if False then there are custom permissions at that level.
This query will tell you most of the info:
SELECT "FullName" AS "FullName", "Id","ACLAsText","ACLInherited" FROM CDBOBJECT WHERE "ACLInherited" = FALSE ORDER BY "FullName" ASC
The column "ACLAsText" will be truncated if the text of it is too long, so for a definitive list you’d need to read permissions using the client API.
Here’s a Python program to list the full ACLs in the root group:
# Import .Net runtime support - needs "pip install pythonnet", supported by Python 3.8, 3.9?
import clr
# Get Geo SCADA Library
CS = clr.AddReference( "c:\Program Files\Schneider Electric\ClearSCADA\ClearSCADA.Client.dll" )
import ClearScada.Client as CSClient
# Create node and connect, then log in. (Could read net parameters from SYSTEMS.XML)
node = CSClient.ServerNode( CSClient.ConnectionType.Standard, "127.0.0.1", 5481 )
connection = CSClient.Simple.Connection( "Utility" )
connection.Connect( node )
connection.LogOn( "your user", "your password" )
# Read Security ACLs
R = connection.GetObject("$Root")
ACL = R.GetSecurity()
if (ACL.InheritedFromParent == False):
print( "ACL ", ACL.Count, " entries")
for user in ACL.Keys:
print( "Key: ", user, " ACL: ", ACL[ user].Permissions.ToObjectPermissions() )
There is a more complete example with recursion through all groups/objects and the permission names here: