Access Control

Introduction

The BMENUA0100 module supports local authentication of users based on the use of username/password combinations for:

Configuration of the module cybersecurity settings via HTTPS
Firmware download via HTTPS
Module web page diagnostics via HTTPS

NOTE: Only a user with the role of Security Administrator can create, edit, or delete user accounts.

The BMENUA0100 web pages provide tools for the management of users. Starting in the Home page, click on Access Control to display a list of existing OPC UA users, including their roles and permissions. In this page you can:

Add a user.
Update the profile of an existing user.
Delete a user.

User Management

The BMENUA0100 module provides role based access control (RBAC). All users are assigned a role and can perform only those tasks associated with that role.

The following roles and permissions are supported:

Role	Permissions
Role	Cybersecurity Configuration	Firmware Upgrade	Diagnostic Web Page Access	OPC UA Protocol Access
SECADM	Update, Read, Delete	–	Read	–
OPERATOR	–	–	Read	Connect
ENGINEER	–	–	Read	Connect
INSTALLER	–	Update	Read	–

Each BMENUA0100 module supports a maximum of 15 simultaneous users.

No custom roles or custom permission sets can be configured. No IP address-based access control whitelist can be configured.

Add a User

A Security Administrator can click New User then complete the following parameters to add a new user:

Parameter	Description
User name	The user ID. The user will enter this along with the password to gain access to the permitted functions.
Password	The user password. Because the password is not displayed in clear text, enter this value twice to confirm its accuracy. NOTE: Each password must be at least 8 characters long, and must contain at lest one of the following characters: an upper-case alpha character (A...Z) a lower-case alpha character (a...z) a base 10 digit (0...9) a special character ~ ! @ $ % ^ & * _ + - = ` \| \ ( ) [ ] : “ ‘ < >
Confirm Password
Roles	Select the user role, which will define the permissions granted to the user: Security Administrator Operator Engineer Installer

Click Apply Changes after these parameters are configured to create the new user.

Update User

To edit the settings of an existing user, a Security Administrator can click on the edit icon (pencil) for the profile you want to edit. Click Apply Changes to save your edits. The same dialog used to add a new user opens, letting you update some or all of the selected user’s configuration,

Delete User

To delete an existing user, a Security Administrator can right click on that user in the list, and under Delete User click OK .