Welcome to the new Schneider Electric Community

It's your place to connect with experts and peers, get continuous support, and share knowledge.

  • Explore the new navigation for even easier access to your community.
  • Bookmark and use our new, easy-to-remember address (community.se.com).
  • Get ready for more content and an improved experience.

Contact SchneiderCommunity.Support@se.com if you have any questions.

Close
Invite a Co-worker
Send a co-worker an invite to the Exchange portal.Just enter their email address and we’ll connect them to register. After joining, they will belong to the same company.
Send Invite Cancel
84549members
353812posts

[Imported] Set WebX Control Privileges by IP address or user name in 2017 (Sept 2017 update)?

EcoStruxure Geo SCADA Expert Forum

Find out how SCADA systems and networks, like EcoStruxure Geo SCADA Expert, help industrial organizations maintaining efficiency, processing data for smarter decision making with IoT, RTU and PLC devices.

Solved
sbeadle
Janeway Janeway
Janeway
0 Likes
1
367

[Imported] Set WebX Control Privileges by IP address or user name in 2017 (Sept 2017 update)?

>>Message imported from previous forum - Category:ClearSCADA Software<<
User: tcookson, originally posted: 2018-11-13 17:24:43 Id:316
I'm working on a system with a mix of ViewX and WebX clients and need some help adjusting security. There are a few "plant floor" WebX clients where I want to enable full control for logged in ClearSCADA users, and a few "roaming" clients that I want to have view only.

How do I (or can I):
* specify which users are allowed to login from which clients (ViewX and WebX), ideally by client IP or node name? I know how to enable/disable WebX globally, but not how to (or if it's possible) to enable/disable WebX based on IP.
* enable/disable WebX control privileges by IP or user name? plant operators should have write/control access from ViewX, and from plant floor WebX, but not remote WebX.

For what it's worth, I'm a PLC/SCADA guy, not an IT guy. I'm willing to dive into IIS, but I'll need more guidance than just "go fix it in IIS on the WebX server"...

Thanks in advance.


Accepted Solutions
sbeadle
Janeway Janeway
Janeway
0 Likes
0
366

Re: [Imported] Set WebX Control Privileges by IP address or user name in 2017 (Sept 2017 update)?

>>Responses imported from previous forum


Reply From User: tim_cjn, posted: 2018-11-14 17:27:51
Hello,

For disabling WebX operations, have you tried unchecking "operate" on the WebX tab for the user?

This is an interesting question, thank you.

You can specify which users are allowed to access ViewX or WebX from ViewX by going to ConfigSecurityUsers and selecting the user you'd like to edit. On the general tab, you'll see a box with three checkboxes: [ ]ViewX [ ]Phone [ ]WebX. Simply check or uncheck the tabs as needed.

You will also be able to specify this in a user pattern for automatic user creation using Windows LDAP, so you don't find yourself having to manually uncheck it for an abundance of users.

Regards,
Tim


Reply From User: tcookson, posted: 2018-11-16 19:16:43
I know how to enable enable/disable WebX and ViewX by user name. What I want to do is enable/disable WebX and ViewX by the IP address/client node name/location that the user is logged in from.


Reply From User: adamwoodland, posted: 2018-11-18 22:24:44
With core functionality there isn't the level of control you want without adding additional servers (i.e. user server-side restrictions on what clients connected to each server can do)

However you could add some script to the homepage mimic that checks the user against some lookup, and if there is/isn't a match leaves them logged in, else logs them out straight away (maybe with a message box).

Not perfect, but might just do what you want.

See Answer In Context

1 Reply 1
sbeadle
Janeway Janeway
Janeway
0 Likes
0
367

Re: [Imported] Set WebX Control Privileges by IP address or user name in 2017 (Sept 2017 update)?

>>Responses imported from previous forum


Reply From User: tim_cjn, posted: 2018-11-14 17:27:51
Hello,

For disabling WebX operations, have you tried unchecking "operate" on the WebX tab for the user?

This is an interesting question, thank you.

You can specify which users are allowed to access ViewX or WebX from ViewX by going to ConfigSecurityUsers and selecting the user you'd like to edit. On the general tab, you'll see a box with three checkboxes: [ ]ViewX [ ]Phone [ ]WebX. Simply check or uncheck the tabs as needed.

You will also be able to specify this in a user pattern for automatic user creation using Windows LDAP, so you don't find yourself having to manually uncheck it for an abundance of users.

Regards,
Tim


Reply From User: tcookson, posted: 2018-11-16 19:16:43
I know how to enable enable/disable WebX and ViewX by user name. What I want to do is enable/disable WebX and ViewX by the IP address/client node name/location that the user is logged in from.


Reply From User: adamwoodland, posted: 2018-11-18 22:24:44
With core functionality there isn't the level of control you want without adding additional servers (i.e. user server-side restrictions on what clients connected to each server can do)

However you could add some script to the homepage mimic that checks the user against some lookup, and if there is/isn't a match leaves them logged in, else logs them out straight away (maybe with a message box).

Not perfect, but might just do what you want.