164 • 4-Series™ Control Systems Product Manual — Doc. 8559B
Local User Login
If a user opens a connection to the console, the console prompts the user for a username and
password as shown in the example below.
PRO4 Console
Login: jsmith1
Password: ******
PRO4>
Local users are created with no access rights. Even if a user has an account in the control system,
the user cannot connect to the control system console unless the user has been added to a group. To
grant access to the user, an administrator must ensure that the user has first been added to a
group.
Active Directory Login
To log onto the console as an Active Directory user, both the domain name and username must
be provided (separated by a "\" or "/") when prompted by the console.
PRO4 Console
Login: csusers\jsmith1
Password: *****************
PRO4>
After an administrator adds an Active Directory user or group to the control system, the name
and SID of the user or group are stored in the control system.
When an Active Directory user attempts to authenticate against the console, the console in turn
uses the user credentials to authenticate against the Active Directory service. If the Active
Directory authentication is successful, the console queries the Active Directory service for the
user's SID:
• If the user has been added to the control system, the console compares the SID from the
  Active Directory service with the stored SID. Access is granted to the user only if the SIDs
  match.
• If the user has not been added to the control system, the console queries the Active
  Directory service for all groups containing the user and retrieves the group SIDs. The
  console then iterates these SIDs to compare them to the stored group SIDs. Access is
  granted to the user only if at least one match is found.
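
The SID-based decision described above, modeled as an added example (not Crestron code or firmware behavior taken from the product). The directory contents, account names other than csusers\jsmith1, all SIDs, and the function names are constructed, and the model assumes a directly added user whose SID does not match is denied without a group check, as the first bullet reads.

```python
import re

# Constructed sample data: what the control system stored when an
# administrator added the AD user or group (name -> SID). All values are made up.
STORED_USERS = {r"csusers\jsmith1": "S-1-5-21-1000-2000-3000-1105"}
STORED_GROUPS = {r"csusers\av-admins": "S-1-5-21-1000-2000-3000-2201"}

# Constructed stand-in for the Active Directory service:
# account -> (user SID, SIDs of all groups containing the user).
DIRECTORY = {
    r"csusers\jsmith1": ("S-1-5-21-1000-2000-3000-1105", []),
    r"csusers\mlee": ("S-1-5-21-1000-2000-3000-1190",
                      ["S-1-5-21-1000-2000-3000-2201"]),
    r"csusers\guest7": ("S-1-5-21-1000-2000-3000-1300",
                        ["S-1-5-21-1000-2000-3000-9999"]),
}


def parse_login(login):
    """Split 'domain\\user' or 'domain/user'; both parts are required."""
    m = re.fullmatch(r"([^\\/]+)[\\/]([^\\/]+)", login)
    if not m:
        raise ValueError("login must be domain\\username or domain/username")
    # AD account names are case-insensitive, so normalize before lookup.
    return m.group(1).lower() + "\\" + m.group(2).lower()


def authorize(login, directory=DIRECTORY, users=STORED_USERS, groups=STORED_GROUPS):
    """Return (granted, reason) for an account that already passed AD authentication."""
    account = parse_login(login)
    if account not in directory:
        return False, "unknown to directory"
    user_sid, group_sids = directory[account]
    if account in users:
        # User was added directly: only an exact SID match grants access.
        if users[account] == user_sid:
            return True, "user SID match"
        return False, "user SID mismatch"
    # User not added: compare each of the user's group SIDs to stored group SIDs.
    stored = set(groups.values())
    for sid in group_sids:
        if sid in stored:
            return True, "group SID match"
    return False, "no stored group matches"
```

Because the comparison is on the SID and not the name, an account deleted and recreated under the same name receives a new SID and no longer matches the stored entry.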