Adding/changing database administrators


Allow operating system access for authorized users only

The content of the user database is protected against manipulation by a signature. However, the names of groups, object protection levels and users are not encrypted and can be read. Access to the IPC should therefore be restricted to authorized users via the operating system.

This description is designed for Build 4024.

The user database includes two administrators with different task areas:

  1. Signing (releasing) changes to the database
  2. Changing the contents of the database

The first (signing) administrator is created directly when the user database is created:

Adding/changing database administrators 2:

Following the creation of the first database administrator, TwinCAT 3 creates the second (editing) administrator as a user in the database ("main user") and suggests the name of the first (= signing) administrator as the user name. This makes it easy to combine both administrator functions: if required, they can be created and used with the same username and password:

Adding/changing database administrators 3:

Adding/changing database administrators 4:

Build 4022:

This input window does not yet exist there. Therefore, following the creation of the user database, the editing database administrator must be created manually as a user and assigned to the "GRP_Administrators" group.

Creating new signing database administrators

Further signing administrators can be created on the Database tab in the Software Protection configuration console.

The desired database must be selected; a new administrator can then be created or an existing one deleted in the Database Admin window area:

Adding/changing database administrators 5:

Creating new editing database administrators

Further editing administrators can be created on the Users tab in the Software Protection configuration console:

Adding/changing database administrators 6:

The new user must be assigned to the "GRP_Administrators" group.

The user can also be a Windows account (domain user); in this case, the associated Windows password can be used for automatic login.

Once a user is selected, it can also be deleted, changed or moved up or down in the list:

Adding/changing database administrators 7:


There must always be a user with administrator rights!

If the user database contains no user with administrator rights, you will not be able to make any further changes to the database (including adding a new administrator!). Therefore, there must always be at least one user with (editing) administrator rights! (The signing administrator is not sufficient, because this administrator is not allowed to make changes to the user database.)