Welcome to the new Schneider Electric Community

It's your place to connect with experts and peers, get continuous support, and share knowledge.

  • Explore the new navigation for even easier access to your community.
  • Bookmark and use our new, easy-to-remember address (community.se.com).
  • Get ready for more content and an improved experience.

Contact SchneiderCommunity.Support@se.com if you have any questions.

Close
Invite a Co-worker
Send a co-worker an invite to the Exchange portal.Just enter their email address and we’ll connect them to register. After joining, they will belong to the same company.
Send Invite Cancel
84248members
353348posts

[Imported] Show or hide objects based on group membership, is this possible without static path

EcoStruxure Geo SCADA Expert Forum

Find out how SCADA systems and networks, like EcoStruxure Geo SCADA Expert, help industrial organizations maintaining efficiency, processing data for smarter decision making with IoT, RTU and PLC devices.

Solved
sbeadle
Janeway Janeway
Janeway
0 Likes
1
792

[Imported] Show or hide objects based on group membership, is this possible without static path

>>Message imported from previous forum - Category:ClearSCADA Software<<
User: johnny07, originally posted: 2019-03-13 14:15:15 Id:383
Hello, we want to show or hide objects in a mimic based on group membership.

now we are using something like below to check membership
"(['_Config.Security.Users.' +USERNAME()+'.UserGroupNames[0]']="..Security.User Groups.GroupName.FullName")

this is working, but when we move the user or group to an other location, this is not working anymore.

is there a better solution where we can move users and groups around without issues? based on some id for example.


Accepted Solutions
sbeadle
Janeway Janeway
Janeway
0 Likes
0
791

Re: [Imported] Show or hide objects based on group membership, is this possible without static path

>>Responses imported from previous forum


Reply From User: sbeadle, posted: 2019-03-13 15:32:40
Replace '_Config.Security.Users.' with "_Config.Security.Users.FullName"
(Note quotes)
BUT - this seems to be a complex way of doing this.
Security settings are primarily based on a users permissions to do something on an object.
For example, the expression
".ValveAPoint.CheckAccess ('OVR')"
will check whether the object (with a relative reference here) can be overridden by the logged in user.


Reply From User: johnny07, posted: 2019-03-14 10:14:18
[at]sbeadle said:
Replace '_Config.Security.Users.' with "_Config.Security.Users.FullName"
(Note quotes)
BUT - this seems to be a complex way of doing this.
Security settings are primarily based on a users permissions to do something on an object.
For example, the expression
".ValveAPoint.CheckAccess ('OVR')"
will check whether the object (with a relative reference here) can be overridden by the logged in user.

thanks for this answer, i think i must choose for the CheckAccess option.

the issue is that i have been windows AD administrator, everything is based on group membership and the use of nested groups is also possible.

i am new to ClearScada, i need to think another way.

Thanks,

Johnny

 

 


Reply From User: tfranklin, posted: 2019-03-14 13:37:01
What Steve suggests is the best way that you can handle it in my opinion. If you need an alternative for whatever the reason there are two other methods that I've run across that work but really aren't necessary in most cases:

1) If you want to see if a user is within a user group or if a usergroup contains a user you can cast the array as a string and do an INSTRING. This isn't really too efficient but it works.

Example:

Usergroup contains a user: INSTRING(STR(".User Group Sample.GetUsers"),'tfranklin')0
User contains a usergroup: INSTRING(STR(".tfranklin.UserGroupNames"),'User Group Sample') 0

2) You can create dummy objects in the system like variable or parameter points and then remove the read permission for them. Think of this as creating you own user permissions to some degree. I can create a parameter called 'GasControlSupervisor' and then take away the read permission for that object for everyone but a certain group of users. When you want to evaluate this in an expression, you can use the EXISTS expression to work around it.

Example:

Visible animation: EXISTS("~Config.Special Permissions.GasControlSupervisor")

For users that don't have read access to that object, it'll never show up.

 

Reply From User: johnny07, posted: 2019-03-14 15:32:18
[at]tfranklin said:
What Steve suggests is the best way that you can handle it in my opinion. If you need an alternative for whatever the reason there are two other methods that I've run across that work but really aren't necessary in most cases:

1) If you want to see if a user is within a user group or if a usergroup contains a user you can cast the array as a string and do an INSTRING. This isn't really too efficient but it works.

Example:

Usergroup contains a user: INSTRING(STR(".User Group Sample.GetUsers"),'tfranklin')0
User contains a usergroup: INSTRING(STR(".tfranklin.UserGroupNames"),'User Group Sample') 0

2) You can create dummy objects in the system like variable or parameter points and then remove the read permission for them. Think of this as creating you own user permissions to some degree. I can create a parameter called 'GasControlSupervisor' and then take away the read permission for that object for everyone but a certain group of users. When you want to evaluate this in an expression, you can use the EXISTS expression to work around it.

Example:

Visible animation: EXISTS("~Config.Special Permissions.GasControlSupervisor")

For users that don't have read access to that object, it'll never show up.

tfranklin,

thanks for this very usefull additional info.
i am still learning CS, very much possibilities to achieve things.
i save your info, i might be very usefull in the future.

Thanks,

Johnny

See Answer In Context

1 Reply 1
sbeadle
Janeway Janeway
Janeway
0 Likes
0
792

Re: [Imported] Show or hide objects based on group membership, is this possible without static path

>>Responses imported from previous forum


Reply From User: sbeadle, posted: 2019-03-13 15:32:40
Replace '_Config.Security.Users.' with "_Config.Security.Users.FullName"
(Note quotes)
BUT - this seems to be a complex way of doing this.
Security settings are primarily based on a users permissions to do something on an object.
For example, the expression
".ValveAPoint.CheckAccess ('OVR')"
will check whether the object (with a relative reference here) can be overridden by the logged in user.


Reply From User: johnny07, posted: 2019-03-14 10:14:18
[at]sbeadle said:
Replace '_Config.Security.Users.' with "_Config.Security.Users.FullName"
(Note quotes)
BUT - this seems to be a complex way of doing this.
Security settings are primarily based on a users permissions to do something on an object.
For example, the expression
".ValveAPoint.CheckAccess ('OVR')"
will check whether the object (with a relative reference here) can be overridden by the logged in user.

thanks for this answer, i think i must choose for the CheckAccess option.

the issue is that i have been windows AD administrator, everything is based on group membership and the use of nested groups is also possible.

i am new to ClearScada, i need to think another way.

Thanks,

Johnny

 

 


Reply From User: tfranklin, posted: 2019-03-14 13:37:01
What Steve suggests is the best way that you can handle it in my opinion. If you need an alternative for whatever the reason there are two other methods that I've run across that work but really aren't necessary in most cases:

1) If you want to see if a user is within a user group or if a usergroup contains a user you can cast the array as a string and do an INSTRING. This isn't really too efficient but it works.

Example:

Usergroup contains a user: INSTRING(STR(".User Group Sample.GetUsers"),'tfranklin')0
User contains a usergroup: INSTRING(STR(".tfranklin.UserGroupNames"),'User Group Sample') 0

2) You can create dummy objects in the system like variable or parameter points and then remove the read permission for them. Think of this as creating you own user permissions to some degree. I can create a parameter called 'GasControlSupervisor' and then take away the read permission for that object for everyone but a certain group of users. When you want to evaluate this in an expression, you can use the EXISTS expression to work around it.

Example:

Visible animation: EXISTS("~Config.Special Permissions.GasControlSupervisor")

For users that don't have read access to that object, it'll never show up.

 

Reply From User: johnny07, posted: 2019-03-14 15:32:18
[at]tfranklin said:
What Steve suggests is the best way that you can handle it in my opinion. If you need an alternative for whatever the reason there are two other methods that I've run across that work but really aren't necessary in most cases:

1) If you want to see if a user is within a user group or if a usergroup contains a user you can cast the array as a string and do an INSTRING. This isn't really too efficient but it works.

Example:

Usergroup contains a user: INSTRING(STR(".User Group Sample.GetUsers"),'tfranklin')0
User contains a usergroup: INSTRING(STR(".tfranklin.UserGroupNames"),'User Group Sample') 0

2) You can create dummy objects in the system like variable or parameter points and then remove the read permission for them. Think of this as creating you own user permissions to some degree. I can create a parameter called 'GasControlSupervisor' and then take away the read permission for that object for everyone but a certain group of users. When you want to evaluate this in an expression, you can use the EXISTS expression to work around it.

Example:

Visible animation: EXISTS("~Config.Special Permissions.GasControlSupervisor")

For users that don't have read access to that object, it'll never show up.

tfranklin,

thanks for this very usefull additional info.
i am still learning CS, very much possibilities to achieve things.
i save your info, i might be very usefull in the future.

Thanks,

Johnny