We've recently had a customer encounter an issue which destabilised their Geo SCADA Expert system which I can't see a good way to easily overcome.
The issue was:
A user with configuration permissions to the database imported an SDE which should not have been imported.
This SDE contained a database backup object, and associated objects which resulted in the backup running quite frequently, and it had the historical data tick boxes ticked, so it consumed large amounts of disk space (on C:\).
The security settings associated with the objects were also such that within the production system that they were deployed in the objects were not visible to any configured users, nor were the objects able to be deleted by anyone other than the superuser account.
Given the current security configuration of Geo SCADA Expert, I can't see an easy way to prevent this from occurring, whilst still allowing such 'authorised users' to instantiate new sites, and configure outstation objects / points associated with those new sites. This is not something that we wish to be purely a SCADA Admin task.
So what would be good would be something like one of these options:
1. The ability to only allow certain objects to be created within certain portions of the Database Hierarchy (i.e. we never want anything other than Points / Groups / Outstations / Mimics outside of the !Config / !System groups)
2. The ability to only allow certain objects to be created by certain user groups (i.e. we never want SCADA Integrators to be able to create / configure anything other than Points / Groups / Outstations / Mimics)
I understand the counter argument is that ALL configuration changes should only be performed by people with appropriate trust / experience to make such damaging changes to the database, however for large systems, it is not always practical to ensure all people are sufficiently experienced. Some of these customers are deploying up to 80 new sites a week, the amount of labour required to do that means that it can't be all driven in-house by SCADA Admins. So sectioning off security levels becomes a requirement.