You use command permissions to configure exceptions from path permissions. You can set the following permissions for a command: no setting, deny, allow.
No Setting: No Setting is the default command permission setting. No Setting means that the Command property in the path permission, for the folder where the object is located, decides whether the user has permission to modify the object or not.
Deny: Users are not allowed to use the command.
Allow: Users are allowed to use the command.
You allow a user account group only to add comments to trend log records. All other command permissions for trend logs have the Deny permission. Users with the Deny command permission can comment on existing records but are not allowed to perform other actions such as adding records or clearing the trend log. This assumes that the users have path permission to access the trend logs.
In another example, the user account group has the path permissions read, write, create, delete, edit, force, and command to a folder that contains BACnet objects. To prevent the users in the user account group from updating the BACnet firmware, you use the Deny command permission for this action. All other command permissions are changed to No Setting. Due to the full set of path permissions, the users can perform all commands on BACnet devices, but not update the firmware.
In afinal example, the user account group has the path permission Read to the Enterprise Server. To enable the users in the user account group to perform all commands on trend logs in the system, you change all the command permissions on the Trends category to Allow.
A user account can be a member of several user account groups with different permissions. The priority between different permissions follow a set of permission rules. You can use these permission rules to manage the type of data and commands the user has access to within a workspace, panel, or domain. Pour plus d'informations, voir Software Permissions Rules Management .