User authentication

The WinCC OA user authentication will be used during the login to the Excel Report if it's specified in the general options for the host that the WinCC OA login shall be active. I.e. any user who wants access to this host via the Excel Report must exist in the WinCC OA project and know the login information.

The authorization of a user in WinCC OA will affect the management function (i.e. configuration) and visibility of protocols of other users. Since the authorization is specified in WinCC OA, it's easy to apply changes by a CTRL script.

Preparations by the administrator

The checkbox "WinCC OA login" must be active in the general options for a particular host so that the user authentication is effective for that host.

If the Excel report is started with the environment variables ER_LOGIN = user_name, ER_PWD = encrypted_password, it runs without any further login query.

Therefore, the validity of the login is verified via the internal ExcelReport data point (data point type _report) and a related control script in WinCC OA is checked. If the environment variable is not set or the login is invalid, a login window will be displayed. The user has to authenticate with its WinCC OA login data. This will verify the global permissions of the user.

Global (area-independent) permissions

Those permissions mainly refer to management functions (control during a call) and must be defined via "user administration" in the system management.

Via the Settings Management you can enter the following setting names (refer to "Value Table - Permissions" in _Report). They have to be created as global and with default values, however, they can be modified for each user in the user settings management. The settings will be passed to the internal data point _Report via a control script automatically.

Setting Type Value example Description
ExcelReport_edit_template bool TRUE Templates editable/ Create Templates
ExcelReport_upgrade_template bool TRUE Update Templates
ExcelReport_shortcut bool TRUE Quick selection can be used
ExcelReport_scheduler bool TRUE Scheduler can be used
ExcelReport_recipients bool TRUE Mailing lists can be used
ExcelReport_options bool TRUE Options can be set
ExcelReport_read_archive bool TRUE Archive structure readable
ExcelReport_edit_basevalues bool TRUE Basic values editable
ExcelReport_edit_costs bool TRUE Costs editable

All these setting names must be specified as type boolean and can be set to TRUE or FALSE individually for each user.

Figure 1. User-dependent permission settings
Permission bit
templates configuration
creating / modifying/ saving 1
upgrading 2
protocol parameterizing
setting quick selection 3
setting time table 4
setting mailing list 5
protocol configuration
setting options 6
importing structure data 7
editing base values 8

The execution of the schedule is independent of the permission control of the current user. The administrator has the responsibility for correct entries of possible changes to the permissions.

Area-dependent permissions

The area permissions must also be entered global in the Settings Management before you can modify them for each group and automatically pass them to the internal data point _Report by the control script.

Therefore, you have to enter the following setting names:

ExcelReport_new_protocol

ExcelReport_edit_protocol

They must be specified as type string. The entries for the settings must be entered like this:

<area>,<permission 0|1>

Figure 2. group settings

There are two different permissions:

permission bit
protocol
creating 1
editing 2

The permitted areas of a template are read out of the management of the quick selection. There are only those protocols displayed, for which the user has the area permission.

Area selection of a template

When creating a new template, the selection of the permitted area will be queried (multiple selection). This will be saved in the template configuration (as an index in the area list). The list of all areas will be provided by the control script in the internal data point. Index 0 means that all areas are provided.

Figure 3. Select area

Because of indexing, a subsequent change of the areas will affect all previously created templates.

Example

  1. Open the user management panel through the system management.

  2. Click on the settings management button.

  3. Add the settings described at the beginning of this chapter and close the panel.

  4. In the panel user administration, click the Administrate Areas button.

  5. Create the areas for your groups.

Figure 4. Area Administration

  1. In the panel user administration, click on Administrate groups.

  2. Create the groups for your users (for example, groupA and groupB).

  3. Add the areas for the groups, for example, areaA for groupA.

Figure 5. Group Administration

  1. Add permissions using the button with the same name.

  2. Then select a group, for example, groupA and click on the Settings button. The Define Settings Panel is opened. Add all the settings as shown in the figure below.

Figure 6. Define Settings Panel

  1. Change the values for the entries ExcelReport_edit_protocol and ExcelReport_new_protocol to:

areaA, 1

areaB, 0

and conversely. It is possible to restrict the rights of the groups so that they cannot edit costs or open the options by setting values to FALSE. Close the panel.

  1. In the user administration panel, click on Add. Add your users, for example, userA and userB and add groups for the created users.

Figure 7. User Characteristics Panel

  1. Open the Excel report through the System Management panel -> Reports tab.

  2. Activate the macros.

  3. Select "WinCC OA Login active" from AddIns- Report - Configuration - Option and click OK.

  4. Enter a user name and the password for the user, for example, userA.

  5. Select Archive Structure from Report - Configuration menu.

  6. Create a new template for your project and select the areas for the logged in user (the logged in user is shown in the table in the upper left corner)

Figure 8. Excel report with a logged in user - userA