Access Control

IMPORTANT: Access Control is not supported when you use a drive-based controller.

Automation1 Access Control lets you configure your Automation1 controller to limit which users can get access to it. Access control specifies a list of users that are permitted to connect to your controller and a list of users that are permitted to manage the controller as administrators.

Enable access control if you want to let a specific group of users connect to your controller or if you want to let a specific group of users do the administrator-only tasks that follow:

  • Examine and change the access control configuration.
  • Download and upload a Machine Controller Definition file.
  • Manage the Automation1 license keys.
  • Update software.

To use access control, you must install the Automation1-MDK and the Automation1-iSMC on computers that have access to the same Windows Active Directory instance. You can use the same computer. You can also use local Windows accounts as an alternative to a Windows Active Directory instance if the Automation1-MDK and Automation1-iSMC obey the conditions that follow:

  • They are installed on the same computer.
  • The computer does not have access to a Windows Active Directory instance.

You can configure Automation1 Access Control in Automation1 Studio. When you configure access control, your Windows account will be added automatically with the Admin permission. One Admin must be configured at all times, so you will not be able to delete your own account from Access Control. If you need to delete your account from Access Control, another configured user with the Admin permission must do so.

IMPORTANT: Before you configure and enable Automation1 Access Control, make sure that you have a process to recover your Windows accounts.

If you forget your user name or password, recover this information by doing one of the options that follow:

  • Use the instructions supplied by your IT department.
  • If you are using local Windows accounts, use the standard Windows procedures.

To Configure the Access Control

  1. Open Automation1 Studio and select the Configure tab.
  2. On the Controller menu, select Administration.
  3. At the bottom of the application, select the Access Control tab. The Access Control section comes into view.
  4. In the Access Control section, click the Enable Access Control button. The Configure Access Control? dialog comes into view.
  5. In the Configure Access Control? dialog, click Yes to continue. Then obey the on-screen instructions that follow to assign Windows accounts to the access-control permissions.

The table that follows includes a list of permissions available to configure in Access Control.

| Permission | Description | Notes |
|---|---|---|
| Controller / APIs | Allows access to log in to the controller using an API call. | This permission is automatically granted to all users configured in Access Control and is necessary for the other permissions. Delete a group or user from Access Control to remove this permission. |
| Studio / Console | Allows access to log in to Studio and Console. | N/A |
| MachineApps - All | Allows access to all MachineApps. | This permission automatically allows access to all current MachineApps and MachineApps that are created after Access Control is configured. |
| MachineApps - Custom or None | Allows access to specific MachineApps. | This permission does not automatically allow access to MachineApps that are created after Access Control is configured. |
| Admin | Allows access to administrator tasks in Studio and Console. | This permission automatically allows all other permissions when selected. |

IMPORTANT: Aerotech recommends that you set up your Active Directory groups to only include users that should be granted a specified set of permissions. This is because Access Control in Automation1 uses an additive approach for determining user access levels and does not use an order of precedence for applying permissions. If a permission is unchecked, it does not mean that the permission will be explicitly denied.
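The additive rule described above can be modelled to audit a planned configuration before you apply it. The code that follows is an added example, not Aerotech code and not part of the original page. The group names, user names, and entries are constructed sample data, and the function names are hypothetical. Only the permission names and the Admin and Controller / APIs rules come from the table.

```python
# Added illustration of additive evaluation. All groups, users and entries are constructed.
ALL_PERMISSIONS = {"Controller / APIs", "Studio / Console", "MachineApps - All", "Admin"}

# Access Control entries: group name -> permissions checked for that entry.
ENTRIES = {
    "GRP-Operators": {"MachineApps - All"},
    "GRP-Engineers": {"Studio / Console", "MachineApps - All"},
    "GRP-Controls-Admins": {"Admin"},
}
# Group membership as the directory would report it.
MEMBERS = {
    "GRP-Operators": {"alice", "bob"},
    "GRP-Engineers": {"bob", "carol"},
    "GRP-Controls-Admins": {"carol"},
}

def entry_grants(checked):
    """Permissions one entry gives: the checked ones plus what the table says is implied."""
    if "Admin" in checked:
        return set(ALL_PERMISSIONS)  # Admin allows all other permissions
    return set(checked) | {"Controller / APIs"}  # granted to every configured entry

def effective_permissions(user, entries=ENTRIES, members=MEMBERS):
    """Union of grants over every entry the user matches. Nothing is ever subtracted."""
    result = set()
    for name, checked in entries.items():
        if user in members.get(name, set()):
            result |= entry_grants(checked)
    return result

def overlap_findings(entries=ENTRIES, members=MEMBERS):
    """Users in two or more entries who hold more than their narrowest entry grants."""
    findings = {}
    for user in sorted(set().union(*members.values())):
        matched = [n for n in entries if user in members.get(n, set())]
        if len(matched) < 2:
            continue
        narrowest = min((entry_grants(entries[n]) for n in matched), key=len)
        extra = effective_permissions(user, entries, members) - narrowest
        if extra:
            findings[user] = {"entries": matched, "beyond_narrowest_entry": sorted(extra)}
    return findings
```

Each user that `overlap_findings()` reports is a person whose unchecked permission in one group is overridden by a different group, which is the condition the recommendation about group membership is intended to prevent.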

If you change the access control configuration while a user is connected to the Automation1 controller, changes to their assigned permissions have an effect only after they disconnect from the controller and connect again.

Access control that is configured for a specific Windows Active Directory instance does not operate correctly if one of the conditions that follows occurs:

  • You move the Automation1-iSMC to a different domain controller.
  • You apply the same access control configuration to an Automation1-iSMC that has access to a different domain controller.