User administration for the monitoring system is an essential part of the normative basis.
On the one hand, this regulates access to the system for a specific group of people and, on the other hand, it can be used to implement the different authorization levels. In general, a distinction must always be made between read and write permissions. In systems with distinct user administrations, access to individual system functions can also be completely blocked. This means that these persons are denied any access to the corresponding data.
The aim of this measure is to ensure the security of sensitive data, which can and must be of crucial importance, especially with regard to changes to settings (limit value changes).
With the help of user management in combination with the audit trail, it is possible to track all user activities at any time, from logging in to changing settings - and this is person-related.
This creates a high degree of security and traceability. If critical changes are not traceable, the production manager must take responsibility in case of doubt.
It is also crucial that a monitoring system is a qualified system. All changes to the system must be traceable in order to maintain the qualified status.
It should be noted here that the assigned rights must be adapted to both the person's qualifications and their activity. These can be, for example
Group access
Area demarcation
Maintenance staff
Ventilation / BMS staff
Cleaning staff
Administrators
Operating staff
IT staff
Trainees/interns
The following points should be questioned in advance:
Who needs access to the system?
Which function does the respective person need access to?
Which parameters does the respective person need access to?
Are read or write permissions required?
For persons with (almost) all permissions: Who serves as a deputy, e.g. for alarm acknowledgement?
The following applies:
Critical functions can be, for example
Change limit values
Acknowledge alarms
Deactivate devices
Switch to passive
Basic settings
Non-critical:
Display diagrams
Display alarm log
Read out audit trail
In principle, the authorization levels/groups should be defined in advance. For new employees, an SOP should specify who decides which rights this person receives, who is responsible for creating them in the software and who instructs the person (training). In addition, a decision matrix can be helpful for assigning rights.
Further information on this topic:
Which standards and regulations are important?
How to handle passwords
Tasks of system operators
Tips for practical implementation
You can obtain our newsletter on the topic of "User administration".
You can simply request this by e-mail.
