User Manual

Cybersecurity Concepts – How to Secure the System

User Management

A6V11646120_enUS_b_40

59 | 85

3.1 User Management

User Account Management

NOTICE

Desigo CC users can be configured to use local passwords or to use Windows

authentication (for example, Active Directory).

Use Windows authentication wherever possible to enhance security, control, and

management of passwords.

General security guidelines for Desigo CC user account management (Windows OS):

● Use nominative accounts (do not use generic -group accounts- that are used by

multiple persons)

● Rename the default administrator account

● Use strong passwords (for example, 12 characters including upper case, lower

case, special characters, and numbers)

● Change passwords on a regular basis, especially passwords for administrator

accounts and the password of the service account (root)

● If accounts are created by default or from a template, use different passwords for

each installation

● Do not use the same password for the default administrator account and the

service account

● Make sure there is a process in place to disable and then remove (above desired

logs' retention time) old/unused user accounts

● Auto-logon features skip the identification of a user and should therefore only be

used either in controlled environments, where the effective user can be

determined differently, or for users that are only authorized to see non-

Unrestricted data

User Authorization Configuration

User access rights in Desigo CC are determined by four main factors:

● The system must know the user (authentication)

● The user must be assigned a user group

● The user group has the appropriate application rights

● The user group must have the appropriate scope rights

If all of these conditions are met, the user can log on to Desigo CC and read/write

objects and execute tasks, depending on the assigned rights.

For detailed information on how to configure user authorization (users, user groups,

application rights, scope rights), see sections User and User Group Administration and

Scopes in the Desigo CC online help.