20
3. Web Console continued
3.8 Preferences continued
3.8.3 Preferences > Security continued
Logging- This facility allows access to logs and log rotation
actions. Log rotation actions will only be available if the user
has at least Read Only access to the Contacts facility.
Device Status- The facility provides access to all device
variable information. These would include device status
variables, personalization variables and threshold variables. By
default, the localadmin and localmanager have ‘Read/Write’
access and localguest has ‘Read Only’ access. Any user that
will have any access to any other device data should have at
least ‘Read Only’ permissions for this facility.
Device Control- This facility configures whether a user has
access to device controls. Since this is a subset of devices, it is
required that the user has ‘Read Only’ access to device status
to either view or control loads. Configuring this to no access
will restrict a user from seeing the controls area of the program.
Device Events- This facility configures whether a user has access
to device events. Since this is a subset of devices it is required that
the user has ‘Read Only’ access to the device status and contacts
facility to properly view or modify events. Configuring this to No
Access will restrict a user from seeing events program area.
Device Loads- This facility configures whether a user has
access to device loads. Since this is a subset of devices it is
required that the user has "Read Only" access to device status
to either view or control loads. Configuring this to No Access will
restrict a user from seeing loads.
Actions- This facility is the program area that defines what
will happen when an event/alarm is detected. Data used for
actions is also included in this facility. This includes Email
Recipients, SNMP Destinations and HTTP Contacts.
Schedules- To allow a user to add scheduled tasks requires
that the user have Read/Write access to the device controls
facilities.
Discovery- This facility is the program area that allows
execution of a device discovery. This program area is most
commonly used for detecting an Envirosense temp/humidity
probe that has been connected to the SNMPWEBCARD after
initial startup.
Any changes applied to a user or multiple users must be confirmed by
pressing the [Save] button at the bottom of the page.
Facility Choice Examples
Administrative Permissions
The permissions for a user with administrator level clearance
should have access to all of the data in the system. The only facility
permission needed would be Default facility with Read/Write access.
These are the permissions given to the “localadmin” user created
upon initial startup.
Manager Permissions
The permissions for a user with manager level clearance should have
access to all of the data except for the security related data. The
permissions set for this should be Default facility with Read/Write
access and Security facility with no access. These are the permissions
given to the “localmanager” user created upon initial startup.
Guest Permissions
The permissions for a user with guest level permissions should be very
limited. This type of user would only have read only access to Status
and very basic system level information. The facility settings for this
type of user would be:
•DefaultFacility–NoAccess
•InfoFacility–ReadOnly
•LoggingFacility–ReadOnly
•DeviceStatusFacility–ReadOnly
These are the permissions given to the “localguest” user created
upon initial startup.
Limited Outlet Access Permissions
A user may be given permission to read limited data and to be given
update access to control only a subset of the outlets. The facility
settings to give that kind of access would be the following permissions:
•DefaultFacility–NoAccess
•DeviceStatusFacility–ReadOnly
•DeviceLoadsFacility–ReadOnly
In addition to these facility settings, the user would need to assigned
a set of outlet realms to specify the loads the user may control.
Outlet Realms
This is a comma-separated list of integers, or range of integers, indicating
which outlet realms this user may access. The access level to the realms
indicated is Read/Write. Each load may optionally be assigned to a
realm. Whatever loads belong to the realms indicated here, the user
may access. In order to correctly access the data, a user should have
at least Read Only permission for Device Status and Device Loads to be
able to user the realms.
ACL IP Address (Users with SNMP Access Only)
This defines the IP Address (or Addresses when used with the ACL IP
Mask) from which this user may access the data via SNMP.