Authorization Concept

General User Permissions

The general user permissions specifying permissions such as write or read access or right to acknowledge alerts are specified in WinCC OA by using the authorization levels (bits). The user permissions are a combination of these bits. Five authorization levels exist by default. The authorization levels are specified for user groups. Each user has to belong to a group. A user may also belong to several groups. If a user belongs to several groups, the user rights of this user are a combination of the rights for the different groups. Five user groups exist by default - see chapter Groups.

System authorizations

The system authorizations allow you to select different authorization levels for different actions:

• Create, change, rename or delete data point types.

• Edit the data pointalias or the authorization (_auth) config of a data point

• Permission for the WinCC OA User Administration

This means that only the users that possess a specific authorization level (bit), can change data points or set user permission via the User Administration etc. - see the list above. See chapter system authorizations for more information.

Read and Write Permission for Data Point Configs

Read and write permission for specific data point configs are specified by using the _auth config. This means that if a user does not have a general permission to write data point values in a WinCC OA system, write permission can be granted to the same user for a specific data point config by using the _auth config. Therefore, the _auth configs allow a specific configuration of additional data point configs such as alert handling.