System security - Metasys - LIT-12011832 - General System Information - Metasys System - 12.0

Metasys System Configuration Guide

Brand: Metasys
Product name: Metasys System
Document type: Configuration Guide
Document number: LIT-12011832
Version: 12.0
Revision date: 2024-03-25
Product status: Active
Language: English

User accounts control user access to the Metasys system. An account defines which portions of the Metasys data a user can access (for example, all HVAC data or all lighting data from a particular area of the building) and which functions the user can perform on that data, from view-only access to configuring new databases. The Metasys system can divide the data into 13 predefined categories (including HVAC, Fire, and Security) plus 150 additional custom categories, and it has 10 different levels of user functionality.

You can further limit user accounts to operate only at specified times on specified days of the week. The System Administrator creates all account settings.

Each account can also have associated preferences, such as which graphic or trend to display when a user logs in to the SMP UI, or which User Views appear in the Navigation Tree.

The SMP and Metasys UI can use Microsoft Active Directory® accounts.

The User Management feature facilitates the creation and management of users and their roles, category-based permissions, and privileges directly in Metasys UI Online, without the need to install software on client machines. Administrators can create and manage user details for Active Directory and Metasys local users. This feature is also available in the Metasys Site Management Portal (SMP), but over time it will be available in Metasys UI Online only.

You can assign user access permissions to specific spaces and the equipment serving those spaces with the Metasys UI Space Authorization. You can thereby segment user access by physical space within the building or campus.

In addition to making it easier for system administrators to manage Metasys account access, Microsoft Active Directory®, including Active Directory Federation Service (ADFS), also provides the ability to use Single Sign-On to access the Metasys system, together with other supported applications on the enterprise network. ADFS authentication is available to Metasys UI users, but is not available to Metasys SMP users.

The Audit Log and the System Activity feature record all user activities, so the System Administrator can monitor user actions.

User names and passwords are obscured at login for local and Active Directory accounts. After login, user names are partially obscured on the SMP or SCT UI window (for example, JohnSmith appears as Joh***).

The following table lists the password rules that the Metasys system enforces according to the user's language locale setting.
Table 1. Metasys system password rules
Supported language locale: English (en_us)
Enforced password rules:
  • The password must include a minimum of 8 characters and a maximum of 50 characters.
  • The password cannot include spaces or include a word or phrase that is in the Blocked Words list.
  • The password and the user name cannot share the same three consecutive characters.
  • The password must meet the four following conditions:
    • Include at least one number (0–9)
    • Include at least one special character (-, ., @, #, !, ?, $, %)
      Note: Only the special characters listed above can be used; all other special characters are invalid.
    • Include at least one uppercase character
    • Include at least one lowercase character

Supported language locales: Czech (cs_cz), German (de_de), Spanish (es_es), French (fr_fr), Hungarian (hu_hu), Italian (it_it), Norwegian (nb_no), Dutch (nl_nl), Polish (pl_pl), Portuguese (Brazilian) (pt_br), Russian (ru_ru), Swedish (sv_se), Turkish (tr_tr)
Enforced password rules:
  • The password must include a minimum of 8 characters and a maximum of 50 characters.
  • The password cannot include spaces or include a word or phrase that is in the Blocked Words list.
  • The password and the user name cannot share the same three consecutive characters.
  • The password must meet three of the following conditions:
    • Include at least one number (0–9)
    • Include at least one special character (-, ., @, #, !, ?, $, %)
    • Include at least one uppercase character
    • Include at least one lowercase character
    • Include at least one Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase

Supported language locales: Chinese Simplified (zh_cn), Chinese Traditional (zh_tw), Japanese (ja_jp), Korean (ko_kr)
Enforced password rules:
  • The password must include a minimum of 8 characters and a maximum of 50 characters.
  • The password cannot include spaces or include a word or phrase that is in the Blocked Words list.
  • The password and the user name cannot share the same three consecutive characters.
  • The password must meet two of the following conditions:
    • Include at least one number (0–9)
    • Include at least one special character (-, ., @, #, !, ?, $, %)
    • Include at least one uppercase character
    • Include at least one lowercase character
    • Include at least one Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase

Refer to the Account Policy Tab section in the Security Administrator System Technical Bulletin (LIT-1201528) for further information about how passwords are used by the user account, the account lockout policy and the inactive session policy.
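
An added example, not part of the Metasys documentation or product code: a Python checker that applies the Table 1 rules per locale, for vetting candidate passwords before accounts are provisioned. The function name, the case-insensitive matching, and the `blocked_words` argument (the Blocked Words list's contents are not given here) are assumptions.

```python
DIGITS = set("0123456789")
SPECIALS = set("-.@#!?$%")  # the only special characters Table 1 lists
# Number of character conditions required, per locale group in Table 1.
REQUIRED = {"en_us": 4}
REQUIRED.update(dict.fromkeys(
    ["cs_cz", "de_de", "es_es", "fr_fr", "hu_hu", "it_it", "nb_no",
     "nl_nl", "pl_pl", "pt_br", "ru_ru", "sv_se", "tr_tr"], 3))
REQUIRED.update(dict.fromkeys(["zh_cn", "zh_tw", "ja_jp", "ko_kr"], 2))


def check_password(password, user_name, locale, blocked_words=()):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if not 8 <= len(password) <= 50:
        problems.append("length must be 8 to 50 characters")
    if any(ch.isspace() for ch in password):
        problems.append("spaces are not allowed")
    lowered = password.lower()
    # Assumption: blocked words match as case-insensitive substrings.
    if any(word.lower() in lowered for word in blocked_words):
        problems.append("contains a blocked word")
    # Assumption: the three-character comparison ignores case.
    name = user_name.lower()
    if any(name[i:i + 3] in lowered for i in range(len(name) - 2)):
        problems.append("shares three consecutive characters with the user name")
    classes = [
        any(ch in DIGITS for ch in password),
        any(ch in SPECIALS for ch in password),
        any(ch.isupper() for ch in password),
        any(ch.islower() for ch in password),
    ]
    if locale != "en_us":
        # Fifth condition: alphabetic but caseless (for example CJK ideographs).
        classes.append(any(ch.isalpha() and not ch.isupper() and not ch.islower()
                           for ch in password))
    elif any(not ch.isalnum() and not ch.isspace() and ch not in SPECIALS
             for ch in password):
        # The en_us note: special characters outside the list are invalid.
        problems.append("contains a special character outside the allowed list")
    if sum(classes) < REQUIRED[locale]:
        problems.append(f"meets {sum(classes)} of the character conditions, "
                        f"needs {REQUIRED[locale]}")
    return problems
```
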