9.2.2 Specifying user permissions
Requirements     
SIMATIC Logon must be installed on every PC running BATCH applications. SIMATIC Logon 
consists of two components:
● SIMATIC Logon Role Management (integrated in the BatchCC)
● SIMATIC Logon Service (logon dialogs)
Basic requirements for working with SIMATIC Logon:
● To configure SIMATIC Logon for use in SIMATIC BATCH, there must be a Windows user 
who is a member of the "Extended_Logon_Administrator" group. You can log on with this 
membership (Start > SIMATIC > SIMATIC Logon > Configure SIMATIC Logon) and open 
the "Configure SIMATIC Logon" dialog. There, you decide, for example, the language 
setting for the logon dialog in the BatchCC. By being a member of this group, you can log 
on in the BatchCC and open and configure roles management. However, you have no 
operator input rights whatsoever in SIMATIC BATCH. 
● Users intended to use SIMATIC BATCH must be added to the members of the "SIMATIC 
BATCH" and "SIMATIC HMI" Windows groups. Only then can you assign the relevant roles 
for SIMATIC BATCH to these users in the SIMATIC Logon roles management (Options > 
Roles management in the BatchCC).
● Certain individual rights are defined for each role. This allows precise rights to be defined 
for every operator of the batch process cell. To adapt the individual permissions and the 
permissions for computers and units in the "Permission management" dialog, you require 
a user that has been assigned the role of super user in the role management.
Note
Permission management on the BATCH server
If permissions are managed on the BATCH server, it is not enough to simply install SIMATIC 
Logon on the BATCH server PC. A BATCH client must also be installed on the BATCH 
server PC.
Defining Windows users and user groups
1. Select the menu item Start > Settings > Control Panel > Administrative Tools > Dialog 
"Computer Management" > System > Local Users and Groups > Users/Groups.
2. With Action > New User/New Group, create all users (with passwords) and user groups in 
the Windows network (Windows server).
Defining user roles for SIMATIC BATCH
1. Open the BCC.
The logon dialog for SIMATIC Logon Service is displayed.
2. Enter the user name, password, and domain of a Windows user who is a member of the 
"Extended_Logon_Administrator" group here, and confirm your entry with "OK".
BATCH Control Center
9.2 Specifying user permissions
SIMATIC BATCH V8.2
Operating Manual, 02/2016, A5E35958174-AA 281