Creating a group with administrator rights for visualizations

Configuration of user groups with restricted administrator permissions for the visualization

Typically, operators of the visualization are a separate user group from application developers. Therefore, the following steps can also be used to configure an administrator for the visualization, who has access only to the groups of the visualization.

This configuration is possible with runtime version 3.5.18.10 and higher.

For detailed information about CODESYS device user management and its operation, see: Handling of Device User Management

Requirement: A visualization group (example: VISU_ADMIN) has been assigned to a runtime group (example: RTS_GRP_RESTR) in the Visualization Manager on the User Management tab. In the device user management, the User_Restr user has been assigned to the RTS_GRP_RESTR group. The RTS_GRP_RESTR group has full View permissions for the controller.

1. In the device user management, on the Access Rights tab, grant the View permission for the UserManagement object to the RTS_GRP_RESTR group. To do this, select the UserManagement object, and in the Rights area on the right side, double-click the View field of the RTS_GRP_RESTR group. This opens a dialog prompting whether or not the changed permissions should also be changed for all child objects. Click No to refuse this action. Double-click the field again and click No again in the next dialog.

   • The symbol is displayed for the View permission. For all other groups (except Administrator), the permission should have the symbol.

2. For the RTS_GRP_RESTR group, deny the View permission to the Administrator group. As a result, users of the RTS_GRP_RESTR group cannot extend their permissions.

   Moreover, select the UserManagement → Groups → Administrator object and deny the View permission to the RTS_GRP_RESTR group.

   • The symbol is displayed.

     Now when you are logged in as a user with restricted administrator permissions on the application, you can create new users or modify existing users for the visualization, but not for groups with additional permissions on the controller.