High Security Systems, Technical Manual4 Setting up Access Control Protection of Objects in the TAC Vista Database
TAC AB, Nov 2006
17 (20)
Setting up Access Control Protection
of Objects in the TAC Vista Database
The user and user group objects as well as most other global objects are
automatically protected by the "$ADMINISTRATORS" Vista group.
This group is also defined as the owner of the database. It is not recom-
mended that you change these settings. It is preferable to control access
to these objects through membership of the "PlantNT\Administrators"
When logging on as VistaAdmin, start by protecting all local (non-glo-
bal) objects using the ACL editor. From the beginning, all objects have
the "Everyone Full Control (All)" ACL defined. This should be changed
to "Everyone Read(R)" for all objects. Do this by choosing each top
level unit in the database including the operator unit and set this ACL,
having checked "Replace permissions on Sub units" and "Replace Per-
missions on Existing objects". Now all the database objects are pro-
tected from change by any user, although owners can still change the
ACL of any object.
Now proceed with the parts of the database that should be open for
change. The normal ACL for these objects can be:
Everyone Read (R)
PlantTAC\VistaFieldManagers ReadWrite (RW)
PlantTAC\VistaOperationManagers Change (RWXD)
If some users should not be able to see some objects at all, the above
ACL could be combined with an entry like
PlantTAC\VistaUsers No Access (None)
On objects requiring a valid Electronic Signature and a "Reason for
Change" information to be entered, the "Require Signature on DB-
Object change" must be checked.
Select the Enforced acknowledge response required check box if you
want to acknowledge alarms using cause and action codes.
Set up a backup schedule for the TAC Vista database
Both the Log and object database must be configured to perform auto-
matic backups.
Make sure that the backups are saved on write-only media.
For more information on backups, see
TAC Vista, Technical Manual