Claims
- 1. A security component within a supervisory process control and manufacturing information system comprising:
a set of user roles corresponding to different types of users within the information system; a set of security groups defining a set of security permissions with regard to a set of objects, wherein each security group includes an access definition relating the security permissions to at least one of the set of user roles; and a set of user accounts assigned to at least one of the defined roles thereby indirectly defining access rights with regard to the set of objects having restricted access within the system; wherein the security permissions are assigned at an object attribute level.
- 2. The security component of claim 1, wherein the information system is distributable to a plurality of networked computer devices.
- 3. The security component of claim 1, wherein the information system has a layered architecture.
- 4. The security component of claim 3, wherein the layered architecture comprises application objects that model entities within a process control system, engine objects that host execution of the applications in a runtime environment, and platform objects corresponding to a physical computer system component for executing the engine objects and associated application objects and wherein the platform objects host at least one of the engine objects.
- 5. The security component of claim 4, wherein the engine objects and platform objects address aspects of the application relating to the physical computing device configurations upon which the application executes, and wherein the application objects execute independently of the physical computing device configurations.
- 6. The security component of claim 4, wherein the application objects communicate on the same computing device through engine objects and communications across a network of computing devices are supported by the platform objects thereby insulating communications between application objects from the topology of a computer system within which the application objects execute.
- 7. The security component of claim 1, wherein each user has a user profile.
- 8. The security component of claim 7, wherein the user profile contains security-related information and at least one role.
- 9. The security component of claim 8, wherein the at least one role grants permissions to the user to perform specific activities.
- 10. The security component of claim 9, wherein the permissions are operation permissions.
- 11. The security component of claim 10, wherein the operation permissions comprise security groups.
- 12. The security component of claim 11, wherein the security groups comprise objects.
- 13. The security component of claim 12, wherein the objects comprise at least one attribute and each attribute has a security classification.
- 14. The security component of claim 13, wherein the security classification of each attribute defines the users that may write to the attribute.
- 15. The security component of claim 13, wherein the at least one attribute are designed to be accessed by multiple users.
- 16. A method of editing an attribute of a security component within a supervisory process control and manufacturing information system, the method comprising:
receiving the authentication materials from a user; obtaining the proposed changes to the attribute; checking the permissions of the user inputting the proposed changes; accepting the proposed changes in the event that the permissions of the user are validated; and denying the proposed changes in the event that the permissions of the user are invalidated.
- 17. The method of editing an attribute of claim 16, further comprising the step of requesting a second authentication.
- 18. The method of editing an attribute of claim 17, further comprising the step of requesting the authentication of a third party.
CROSS REFERENCE TO RELATED APPLICATION
[0001] This nonprovisional patent application claims priority to U.S. provisional application Serial No. 60/300,363 filed on Jun. 22, 2001, entitled “A Hierarchical Object-based Architecture for Executing Applications On a Process Control Platform” and to a U.S. provisional patent application Serial No. 60/300,500, McIntyre et al., filed on Jun. 22, 2001, entitled “A Security Architecture For A Process Control Platform Executing Applications.” The contents of both of the aforementioned patent applications are expressly incorporated herein by reference in their entirety including the contents and teachings of any references contained therein.
Provisional Applications (2)
|
Number |
Date |
Country |
|
60300363 |
Jun 2001 |
US |
|
60300500 |
Jun 2001 |
US |