earth_america
user_standard Log on
earth_america
Log on to rate and give feedback 1 2 3 4 5 Log on to rate
0
How to

How to


Products: Enterprise Central, Enterprise Server, Esmi Sense FDP
Functionalities: User Management
12/3/2024

Creating a User Account Group

You create a user account group to make it easier to manage users who require the same software permissions and workspaces.

Show More
action_close

Software permissions can be assigned to individual user accounts and to user account groups.

Path permissions can be assigned to both, individual user accounts and user account groups. Command permissions can be assigned to user account groups only and cannot be assigned to individual user accounts. If you want to assign command permissions to individual user account, you need to create a group with one individual. You assign command permissions to modify specific permissions that user account groups possess to specific objects on the given path.

Relative path permissions and type permissions can be assigned to both, individual user accounts and user account groups.

If no software permissions are configured for a user account or user account group, the user has no access to EcoStruxure Building Operation software. By default, new user accounts and new user account groups have no permissions to access EcoStruxure Building Operation software. Changes to the software permissions of a user account group or user account are applied the next time the user logs on.

You can also combine software permissions with other general policies for the user accounts that are members to the user account groups. For example, you can enable or disable the ability of the group members to change their passwords or to choose the workspace.

For optimal efficiency, assign software permissions to user account groups rather than individual user accounts, wherever possible. Using this approach, you can associate user accounts to at least one user account group for controlled permission to EcoStruxure Building Operation applications. A user account group can comprise both user accounts and other user account groups. You group user accounts and user account groups with similar interests. For instance, you can group software permissions with user accounts based on common tasks and responsibilities​

Example

You create a user account for Paul and associate him with the two user account groups: Administrators and Janitors. You associate Paul with those two user account groups. You grant Administrators and Janitors certain software permissions. Paul inherits software permissions of both user account groups.

 
action_zoom_plus_stroke Users inherit the user account group permissions of which they are members
Figure: Users inherit the user account group permissions of which they are members

To create a user account group
  1. In WorkStation, in the System Tree pane, select the EcoStruxure BMS server you want to configure.

  2. Click the Control Panel tab.

  3. Click Account management .

  4. In the Domain box, select the domain where you want to create the user account group.

  5. In the User Account Groups area, click Add .

  6. In the Create Object wizard, in the Name box, type a name for the user account group.

  7. In the Description box, type a description for the user account group.

  8. Click Next .

  9. In the Users Belonging to this Group page, in the Select from box, select a user account group to auto select the user accounts belonging to that group in the Available User Accounts list.

  10. In the Available User Accounts list, select the user accounts you want to add to the user account group.

  11. Click the Add button

     
    action_zoom_plus_stroke
    .

  12. Click Next .

  13. In the Workspaces Belonging to this Group page, in the ​Select from box, select a user account group to auto select the workspaces assigned to that group in the Selected Workspaces list box.

  14. In the Available Workspaces box, select the workspaces you want to add to the user account group.

  15. Click the Add button

     
    action_zoom_plus_stroke
    .

  16. Click Next .

  17. In the Windows Group Name and Group Policies page, select the User Interactivity check box to enable the user account group members to close the WorkStation software.

  18. Select the Audit Trailing check box to activate actions logging for the user account group members.

  19. Select the Password check box to enable the user account group members to change their own passwords.

  20. Select the Web Configuration check box to enable the user account group members to log on to field servers' Web configuration sites.

  21. Select the Personal Favorites check box to enable the user account group members to create personal favorites and a personal overview of their system.

  22. Select the Personal Dashboards check box to enable the user account group members to create personal dashboard. For more information, see How Dashboards Work .

  23. In the Automatic Logoff drop-down list box, select a time if you want the user account group members to be logged off after a defined time of inactivity. For more information, see Automatic Logoff .

  24. Select the Log Off To Guest Account check box to automatically log on to the Guest user account after a user account group member has been manually or automatically logged off. For more information, see Automatic Logoff to Guest Account .

  25. In the IP Address Allow List box, type IP addresses or ranges of IP addresses that can be used for log on by the user account group members. For more information, see Syntax for IP Address Allow List .

  26. In the Activation Schedule browse box, browse to the multistate schedule regulating the user account group members access hours.

  27. In the Schedule Value When Active spin box, choose the value corresponding to the user account group members access hours.

  28. In the Windows Group Name box, select the Windows Active Directory user account group you want to map to the EcoStruxure Building Operation user account group.

    Important:

    You can map Windows Active Directory universal and global account groups to EcoStruxure Building Operation user account groups, but you cannot map Windows Active Directory domain local user account groups.

    Note:

    To connect a Windows Active Directory user account group to an EcoStruxure Building Operation user account group, you need to establish the connection between the EcoStruxure Building Operation domain and Active Directory Windows domain. For more information, see Creating and Configuring a Domain .

    Windows Active Directory account groups can only be mapped on EcoStruxure BMS servers that are running on Microsoft Windows operating system. Field servers cannot map Windows Active Directory groups.

  29. Select the Zoning check box to allow the user account group members to perform zoning actions.

  30. Select the Change Control check box to enable user account group members to add comments and sign changes made in the system. For more information, see Change Control .

  31. Select the User Settings check box to enable user account group members to display invalid objects in WorkStation.

  32. Select the User Settings check box to enable user account group members to receive session notifications in WorkStation.

  33. Click Create .

  • Windows Active Directory User Groups
  • Creating a Workspace
  • Software Permissions, User Accounts, and User Account Groups
  • User Accounts and User Account Groups
  • Workspace Management
  • Creating a User Account
  • User Account Group Wizard – Workspaces Belonging to this Group Page
  • User Account Group Wizard – Windows Group Name and Group Policies Page
  • User Account Group Wizard – Users Belonging to this Group Page
  • Automatic Logoff
  • Automatic Logoff to Guest Account
  • Windows Group Name List Is Empty