Orion System Security & Audit Trail
Orion Manual Rev1.7.5 06-04-2006.pdf [1.1MB] Back to Main Orion Screen
Overview: System Setup, Security & Audit Trail Orion offers multiple features that are described in Orion's main Page. In some applications all of these features may be used, in others some features will not have a function and in many security password and/or audit trail of operator activity is required and/or provides benefit(s). Orion System Setup is described on other pages linked to Orion. A review of System Setup is below and specifically to the Enable/Disable Menu items; disabling a Menu Item "grays out" that feature. Orion Security System follows with detail on System User creation, rights, etc. and Audit Trail of operator activity.
Orion System Setup - Enable/Disable Features [gray out unused features] System followsThe Orion configurtion will run the first time the Orion system is powere up. The Orion configurator allows the user to select the number of devices on the link, device tagname, custom alarm messages, option to allow user or OEM to customize the "splah screen when Orion runtime boots AND selection of menu items that shold be accessible to the user during Orion operation. Click here for more detailed information on Orion Setup.
The Orion Enable / Disable configuration is part of Orion's System Configuration and technically not part of Orion System Security. Due to the number of standard features Orion offers the Enable / Disable configuration provides a powerful feature allowing a sytem integrator or OEM to enable or disable any of the views in the Orion runtime. This provides the ability to "lock out" any menu item(s) or screen(s) in the Orion runtime system. If a menu item is disabled at the configurator, the item will be "grayed" out when the Orion runtime is started. This provides the integrator or OEM the ability to customize the Orion system for specific needs while disabling functions the end user might not require. Checking a box for an item enables the feature in the Orion runtime. If the checkbox is not checked, the feature is disabled in the Orion runtime.
Click here for more detailed information on Orion Setup.
The Orion runtime menu system provides a familiar, easy to use interface while reducing screen "clutter" by eliminating extra buttons required for navigation. Each series of interface screens will have their own series of menus specifically focused on the tasks for the specific screen.
Shown below at the "top" level menu when Orion runtime first loads.
The "Security" menu from Orion's main menu structure provides access to the security section of Orion.
The "Security" menu provides the following functions:
Setup: Provides access to security setup to add users, rights and options.
Log On: Log on a user if security is enabled.
Log Off Log off a user if security is enabled.
View Audit Trail: View audit trail entries for any day. User actions, entries, etc..
View Current User: View the current user logged into the system.
Orion's security model provides an administrator with the tools to add up to 30 users to the system. Each user must have a unique ID, full name and password. 3 levels of users are provided to include operator, supervisor and administrator levels. Specific access rights can be assigned to each user level as well as password aging for each user. Re-authentication is provided (if enabled) for any parameters that will change a control parameter which could upset the process (i.e. setpoint, tuning, etc.). Re-authentication requires that the logged in user must log in again before the process value (at the controller) will actually be changed. This feature is provided for extra security. The following example will make re-authentication clearer:
A supervisor logs on the system. The supervisor then steps away from the system to take a phone call but does not log out before leaving. If another user tries to change the control setpoint on any loop the system will require another login (by an authorized user for that level) before the control setpoint is actually changed. This provides an extra level of protection to make the system more "tamper proof".
Return to Top
The "Add User" tab provides the ability to add up to 30 users to the system. Select the type of user from the drop down list (Operator, Supervisor or Administrator). Press each field to add the user ID, full name and password (no spaces allowed). If the passwords do not match or the user ID is already used, Orion will alert the user and not accept the entry. Click on the password aging checkbox if you wish to enable password aging for this user. If password aging is enabled and the password has expired, a new password must be entered for the user by the system administrator before that user can log into the system again.
Note: The system administrator can not use the "Password Aging" option. This will lock the administrator out of the system, thereby preventing the system administrator from managing passwords for the system users. Orion will prevent administrators from using this option.
The "Users" tab provides the administrator the ability to view information on each user entered into the system. Password information is not available. The user can be deleted from this tab and the password for each user can also be changed from this area.
The "User Rights" tab provides the administrator the ability to assign rights to each user level (User, Supervisor and Administrator). Select the user type from the drop down box and then enable or disable specific program functions (rights) by selecting the checkbox next to the function. If the checkbox is selected, the user right will be enabled for the user level currently being edited. The "Select All" and "Clear All" buttons will select or clear all rights in the "user rights" list view. You must press the "Accept" button for each user level to save the selections for that user type, before selecting another user type from the drop down list, or entries made will not be saved.
Important Note: If you disable the "Access Security" right option for all user groups (user, supervisor and administrator), you lock all users from entering the Orion security mode. Always leave this option "unchecked" for the system administrator, so security can be entered to make changes to user settings. If you lock all users (including the system administrator) from access to security, you must order a new compact flash card since there is no "back door" to enter system security.
The "Security Options" tab provides the administrator the ability to set the global security options.
Enter Number Of Days Before Password Renewal Is Required:
This is a global setting for all users. Password aging starts from the day the user is entered into the system.
Re-authenticate user during process changes:
This feature requires that the logged in user must log in again before the process value (at the controller) will actually be changed.
Enable/Disable Audit Trail:
This is a global setting that turns the audit trail on or off. When the audit trail is turned on, all operator actions are written to a daily log.
Enable/Disable Security:
This is the global setting that turns the Orion security system on or off.
Audit Trail is active when Security is enabled and the Enable/Disable Audit Trail is ON. If a user is logged into the system all operator activity will have an Audit Trail created. If a user log in is not required the Audit Trail will show a user as "Orion System". The Audit Trail will show all activities including power up sequence and any & all operator activity from accessing the Audit Trail, changing Setpoint, opening Historical/Trend Views, etc.
The Audit Trail may be accessed through the System Security menu and is displayed in similar fashion as Alarm History. [A sample view display was not available at time this page was last updated.]
The Audit Trail file is stored in a .csv format and can be copied to the I-Stick card using the File Utilities tools. A sample Audit Trail shown in ExcelŽ is shown below and can be downloaded here - Sample Orion Audit Trail.zip
This Audit Trail Sample shows several users: Orion System, AL02 and AL01.
Product Brochure & Manual
Orion Manual Rev1.7.5 06-04-2006.pdf [1.1MB]
Orion DataView PC Software Download
Orion DataView Installer 1.0.zip [9.9MB]
Configuration & Setup Screens.htm [Configuration of Orion System]
System Setup.htm: Faceplates, SP limits, delays, touch calibr, etc.
Data Views.htm: Single & Dual Loop, Bargraph, Alarm Monitor, Pushbutton Status, Trend & Overall Views
Data Logging & View Historical Data.htm
PID Values.htm: create, save, edit & download
Recipes: Single Setpoint, PID & Alarm Recipes.htm: create, save, edit & download
Recipes: Ramp/Soak Profiles [Setpoint Recipes].htm: create, save, edit, download & run.htm
Digital Alarm Monitor "First-In" & Push Button Controls.htm
System Security & Audit Trail.htm
Future Design Controls 888.751.5444 csr@futuredesigncontrols.com