Description
In general, it is a good idea to hide scenarios in the Workplace for operators.
When we have systems with manual sending station (or TTR) touch screens it is a
must. If we do not limit access the people in the plant have full access to QCX and can reset drivers etc. which a normal operator should be able to do.
Note! Do
NOT teach operators or even lab managers to log in as FlsAdmin. That account is computer administrator and puts much higher risk on malware, virus etc. Always use FlsEngineer and only use FlsAdmin in case administrator rights are needed to change group policies, updates to hosts files etc.
Workplace
In the Workplace we have 3 panes (products, applications, system) that contains scenarios we should limit depending on login. Below is an example from Conch system.
Configuration
In below configuration the Conch system from above will be used as example. There are many ways to configure this; below is just one example how it can be done.
- Log in to Workplace as FlsEngineer
- Configure new users ManSnd4, ManSnd9 and TTR using the System->Configuration->Access Control Claim Editor.
Click Edit button and then under Users click new button . In the “New workplace user” UI give a “Log on name” like below and then click Add button. Finally click Close button.
- In below screen dump “Touch User” has been selected, but it seems to have no influence on Workplace behaviour.
Finally Close and then in the toolbar of the Access Control Claim Editor click “Save changes”.
- Configure some roles in the general configuration UI under System->Configuration->Configuration-> Core->Portal->Role. For Conch example we will add TTR, ManSnd4 and ManSnd9.
- Now go to System->Configuration->Configuration->Core->AccessControl->Claim and the 3 new entries. With the respective user under each UserClaim.
- Now we can configure some Portal role claims under System->Configuration->Configuration->Core->Portal->RoleClaim. For Conch example we will create TTR, ManSnd4, ManSnd9, System and LabOperator.
With the following settings for all 5 role claim.
| Role claim | RoleRef |
| TTR | Engineer |
| class="Index1" | | TTR |
| ManSnd4 | Engineer |
| class="Index1" | | ManSnd4 |
| ManSnd9 | Engineer |
| class="Index1" | | ManSnd9 |
| LabOperator | Engineer |
| class="Index1" | | Operator |
| System | Engineer |
- Now log in to Workplace as FlsAdmin otherwise we cannot change settings on system rows. In general configuration go to System->Configuration->Configuration->Core->Portal->SystemScenario. Set RoleClaimName=System for all.
- Now go to System->Configuration->Configuration->Core->Portal->ProductNavigationProduct and set RoleClaimName=LabOperator for the following scenarios.
- A. QCXBlx (If Applicable)
1. QcxBlx.MillMillMain - B. QCXAutoSampling
1. AutoSamplingOperation - C. QCXManager
1. RecipeManagementActiveSamples - D. QCXReporting (If Applicable)
1. ReportingSurveyor
2. ReportingReportViewer
3. TrendTrendPlot - E. QCXRoboLab
1. RecipeManagementSampleLogin
2. RoboLabOperation
The rest we will leave RoleClaimName blank. Example:
- Now go to System->Configuration->Configuration->Core->Portal->ApplicationFolder and set RoleClaimName=LabOperator for the following Applications Scenario’s
- Now on QCX Server log in to Windows as FlsAdmin and open Windows Computer Management.
- Right click on Users and select “New User…”. Create users TTR, ManSnd4 and ManSnd9 all with password 123 and following settings.
- Do the same on TTR log in PC, ManSnd4 log in panel and ManSnd9 log in panel. But only create the one user needed on each panel.
- Finally, one more thing to do so users don’t need to log into the Workplace especially out in the field on the touch screens it can be annoying. Open the general configuration under System->Configuration->Configuration->Core->Portal->AutomaticLogOn and enable the checkbox LogOnCurrentWindowsUser. Note, this will now be enabled on all PCs running the QCX Workplace.
- Remember the new users that were have no rights to operate the QCX system, they will only be able to see the scenarios in the Workplace. So if the new users ManSnd4 and ManSnd9 should be able to operate the login screen then they need the Access Control Claim for Fls.Qcx.AutoSampling->ManSndControl. If the user still has too many limitations, find and select the correct Access Control Claims.
