TN - 1296 OI Server Security

Description

This article from InSource describes the security enhancements for the OI Server in AVEVA System Platform 2023.  Administrative access is required now to modify the configuration of the communication drivers.

• Author: Rich Brooks
• Published: 10/28/2022
• Applies to: AVEVA System Platform 2023 and higher

Details

General users accessing the Operations Control Management Console (OCMC) which was formerly the System Management Console (SMC) have view only access to the OI Servers.  They can not configure the communications drivers.  The menu options are disabled for general users.

Users must login for elevated access.  Select to highlight and right-click on Operations Integration Supervisory Servers from the OCMC to select Sign-in as OI Administrator.

Enter the Domain, User Name, Password, and Keep sign-in minute(s).  

After logging on, the word [Admin] is displayed for the local nodes. This local admin login is unable to configure the remote OI Server. 

Logging into the domain with administrative access gives the control for remote nodes.  There is a tool icon to indicate that administrative access has been granted for both the local and remote nodes.

Add users that need administrative access to the oiAdministrators group.  They will be automatically logged into the OCMC when they log into the computer.

A local Windows administrator will have administrative access to the local OI Server only.  The will have view only access to remote OI Servers.  Administrative users need to be either a member of the local Administrators or oiAdministrators group on each machine.